You have to trust all of the code inside the same container where the sensitive operation happens.

Typically the container is the process, the app, the origin: a chunky container with a whole lot of stuff inside.

This is a lot of code to have to trust!

But if you break up the code into a series of contained modules with limited ways to interact except through audited channels, then often the amount of code that has to be deeply trusted because it's in the same container as the sensitive operation is quite small.