"Users will never understand that security architecture well enough to trust it"
They don't have to!
They just have to know that their more knowledgeable friend trusts it.
This can go, inductively, all the way down to the small number of security professionals who read the white paper and even inspect the code themselves.
This knowledge can take time to diffuse through a population, which is why people erroneously believe that users won't be able to trust a novel architecture.