Im not a conspiracy theorist or eternal cynic, but yes to the above stuff. I simply dont trust anyone. In the software world its the same concept as never trusting anything client side.
I don't think it has anything to to conspiracy theory or anything like that, it just a matter of fact, that nation state actors just simply DO NOT trust anything digital for important stuff ATM.