
I doubt that most users of a service are in any position to audit complex crypto code.


That doesn't really matter, because they don't need to. All it takes is one crypto-savvy person taking an interest and finding a fault, then posting about it.

Even if they do actively cheat and provide some obscure not-really crypto to give an impression of security, they need to put in an effort, whereas with server-side encryption they could cheat for free. There is also a constant risk of some techie discovering their lack of security.

Anyway, it doesn't matter if you consider auditable security imperfect. Auditable security is objectively more trustworthy than non-auditable security.



