The previous replies cover it already quite well and I just try to summarize it:
I need to start one step earlier: What allows you to access a dapp hosted on the IC directly from your browser is the HTTP gateway. At a high-level, the HTTP gateway transforms the HTTP request coming from your browser into a query call and the response from the canister back into an HTTP response.
When this translation happens, the HTTP gateway has to somehow check that the query response has not been tampered with by a malicious node. The key to that is response verification: basically, the query responses come with a certificate signed by the subnet ensuring that no malicious node can tamper with them. You can find a high-level description of that here.
At this point, all is good, if you trust the HTTP gateway. The boundary nodes are one such gateway. However, it is not the only one and you can run your own HTTP gateway locally using the IC HTTP proxy (announcement and code). Why should you trust it? You can verify the code and run that exact code on your machine. You are in full control and can access dapp frontends without having to trust anyone.
The service worker was another implementation of the HTTP gateway. However, we decided to drop that as it didn’t improve security as compared to running the HTTP gateway on the boundary nodes, but came with a lot of downsides for the devs. If you want to know more check this thread.