The user could be included, but you are already supposed to have copies of your entire recovery phrase anyway. If you can't keep track of that and lose it, why keep a copy of one additional 1/3 shard?
According to their previous announcement and their FAQ that I provided the link to above, they consider this whole thing as a form of self-custody, so it is a little bit strange that the user doesn't participate in storing funds directly and instead has to trust centralized companies keeping a shared secret.
What prevents them from collaborating to steal customer funds and pretending that the user himself fucked up with recovery keys?
Absolutely nothing.
Does it mean we can't verify that they have no access to the decryption key used to reconstruct the initial seed? It is still unclear how the whole decryption process works and how a hardware wallet knows that you underwent a KYC procedure to start recovering. Who sends it a decryption key, given that it may be a different device from the one you created your setup on?