
What part of that do you interpret as trusting the client?



> Paul points out that alternative paths such as WebSockets might bypass limits that are in place for regular HTTP requests


I'm not sure I interpret that as trusting the client; rather, it seems like the implication is that HTTP limits will be handled correctly by webserver harnesses, whereas WebSockets may not get any such behavior "for free" from the server framework.


He’s saying that some web servers allow you to limit request size, but the limits you set might only apply to HTTP(S) and can be circumvented when using another protocol. That’s a server-side problem.
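
The server-side point made in this thread, as an added example that is not part of any comment: a message-size cap applied to WebSocket frames (RFC 6455 framing) from the declared length, before any payload is buffered. The 64 KiB limit, the function names and the sample headers are assumptions made for illustration.

```python
import struct

MAX_MESSAGE_BYTES = 64 * 1024  # assumed cap, chosen to mirror an HTTP body limit

class FrameTooLarge(Exception):
    pass

def parse_frame_header(buf: bytes):
    """Parse an RFC 6455 frame header.
    Returns (fin, opcode, masked, payload_len, header_len), or None if buf is short."""
    if len(buf) < 2:
        return None
    fin, opcode = bool(buf[0] & 0x80), buf[0] & 0x0F
    masked, length = bool(buf[1] & 0x80), buf[1] & 0x7F
    offset = 2
    if length == 126:            # 16-bit extended length
        if len(buf) < 4:
            return None
        (length,) = struct.unpack("!H", buf[2:4])
        offset = 4
    elif length == 127:          # 64-bit extended length
        if len(buf) < 10:
            return None
        (length,) = struct.unpack("!Q", buf[2:10])
        offset = 10
    return fin, opcode, masked, length, offset + (4 if masked else 0)

def admit_frame(header: bytes, bytes_so_far: int = 0, limit: int = MAX_MESSAGE_BYTES) -> int:
    """Decide from the declared length alone, before reading any payload.
    Returns the running total for the current message (0 once it completes)."""
    parsed = parse_frame_header(header)
    if parsed is None:
        raise ValueError("incomplete frame header")
    fin, opcode, _masked, length, _hdr = parsed
    if opcode >= 0x8:            # control frames: at most 125 bytes, never fragmented
        if length > 125 or not fin:
            raise FrameTooLarge("invalid control frame")
        return bytes_so_far
    total = bytes_so_far + length  # fragments count toward one message-level cap
    if total > limit:
        raise FrameTooLarge(f"message would reach {total} bytes, limit is {limit}")
    return 0 if fin else total

# Constructed sample headers (mask key bytes are arbitrary).
MASK = b"\x01\x02\x03\x04"
SMALL = bytes([0x81, 0x85]) + MASK                              # 5-byte text frame
HUGE = bytes([0x82, 0xFF]) + struct.pack("!Q", 1 << 30) + MASK  # claims 1 GiB
FRAG1 = bytes([0x01, 0xFE]) + struct.pack("!H", 40000) + MASK   # first fragment
FRAG2 = bytes([0x80, 0xFE]) + struct.pack("!H", 40000) + MASK   # final fragment
```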


Is English not your first language? If it is, I am utterly baffled as to how you think that's an endorsement of trusting the client, rather than merely a description.



