Let's talk about boundary nodes as a high-risk point of failure for the IC

Query calls get you fast responses but indeed have no security guarantees. In our canister development guidelines the recommendation is to either use certified variables or update calls (or a quick query call followed by a confirming update call). DFINITY is exploring the option of query certification, where the user can dynamically select query calls and get the response certified. This will be more costly than standard query calls but faster than update calls, since, unlike update calls, they do not change state on the IC and therefore do not have to go through consensus.

With regard to trust in the boundary node, DFINITY is looking at developing a web extension to give an alternative to trusting the boundary node to deliver the right service worker. Another forum thread has some discussion.