My thoughts on "end-to-end trust". 

Let's first see an analog:

In a series circuit containing two switches, both must be closed to illuminate the bulb. Similarly, to establish trust on the Internet, every intermediary step must be trustworthy to guarantee the integrity of the final outcome.

Founder, zCloak Network. 
Building a ZKP-powered Self-Sovereign Identity Network. 

A Web3 Dapp typically has two parts, a smart contract running on the blockchain and a front-end interface that interacts with its users. For the system to be considered trustworthy, both elements must operate in a trustless manner.

The smart contract can be considered trustless as it runs on a blockchain. But the front-end website is obviously the vulnerability here as it is just centralized codes hosted in a private server.

The website owner or a hacker, can modify the codes to alter the contents you see or plant malicious code in there to steal your fund. And, there is nothing you can do about it. 

So to achieve "end-to-end trust", a Dapp must also contain an immutable front-end. Failing to do so makes it Web2.5, at best.