[asdfaoeu]

To be clear really relaying transactions through a server is probably fine. The problem with this one is the api let's the server generate the transaction and the client just blindly signs it. You are completely trusting the server in this scenario.

[mriou]

Not blindly, you see both the generated transaction and the data to sign, you can validate either or both. And you are completely trusting a server in many other situations.