I don't think Mercury runs their statechain server anymore, but when they did, the first paragraph applied to them too: if they were malicious, and colluded with a malicious prior holder, they could steal payments from someone who received utxos via a swap (Mercury was way ahead of their time -- they had support for LN to Statechain swaps too!). But the second paragraph does not apply quite as much. I personally tested Mercury by doing an onchain deposit, so I know they supported those if you didn't want to do an LN to Statechain swap, because I did one myself. And it was cool knowing that my money, at that point, was still in my self-custody, even though it was now *also* spendable on the statechain. But then I sent it to someone, and some of the magic went away, because I knew, for *that* person, they had different trust assumptions -- specifically, if I was malicious and had colluded with Mercury to prepare an attack in advance, Mercury and I could have stolen my money back from that user. So even Mercury's statechain only counts (counted?) as a second layer in my book if you (1) deposited via L1 and (2) never sent or received statecoins to/from someone else -- which, of course, defeats the purpose.