Your understanding is correct AFAIK. However, the entire point of Bitcoin (and cryptocurrencies in general) is that it's a system that does not have to rely on trust. A "less than trustworthy" implementation is not a tenable implementation. In order for L2 solutions to be truly, universally usable we need a fix for transaction malleability.
Don't trust. Verify.