Yeah, attestations do solve that problem, especially if the frontend app you are using is open source, or decoupled from the backend or attestation-related service. I was more thinking about the trymaple.ai product, where both the frontend and the CC-based backend are owned by OpenSecret, so you have to trust that the frontend is actually doing the verification.