Its like everything else in life, you make a judgement based on perceived risks.
In, what should be, a closed internal system, security is less of a concern, or there are other mitigating circumstances.
Regardless of what security you try to implement, there is always 1 weakness, users.
Either the user wants ease of use, or they want security, but generally they have to settle for the middle ground which can lead to vulnerabilities.
No system is perfect as long as there is something imperfect involved.
As you say, it all requires trust, and more so a knowledge of what you are trusting.
The only secure, safe machine is one in a locked room with no external connections, but then, what use is that to anyone?