Yeah that’s end to end encryption. Like any security protocol it is based on assumptions and trust comes from somewhere. In this case trust comes from verifying each other security keys, or more meta: knowing that the incentive for the server to cheat are low as they might get caught by anyone checking and it could kill the entire product.