You don't have to trust that at all. You can verify that the wallet signs a message with the correct private key that was generated offline.
When you send funds to the wallet, you don't need to send them to the address that the wallet presents, you can send them to the address you calculated during offline key generation. As long as you use the Trezor derivation path on your offline machine, it's predictable what the first address will be.
No because I feed my wallet public key (xpub) to scripts that derives the wallet addresses, and I verify that the derived addresses match what my wallet generates. I'm paranoid like this :)
Granted that would be really inconvenient to do if one used the wallet on a daily basis. In my case I use it rarely enough (large transactions only) that it doesn't bother me that much.
When you send funds to the wallet, you don't need to send them to the address that the wallet presents, you can send them to the address you calculated during offline key generation. As long as you use the Trezor derivation path on your offline machine, it's predictable what the first address will be.