I agree with your explanation, but actually bootstrapping the compiler might not even be enough, as pointed out by Ken Thompson in his classical essay in 1984 [1] "Reflections on Trusting Trust.
Bruce Schneier already said that in 2006 [2]:
> It’s interesting: the “trusting trust” attack has actually gotten easier over time, because compilers have gotten increasingly complex
Since 2006 compilers have become even more sophisticated, but also much more complex, thus even harder to validate.