Ok, so mercury does fancy math under the assumption that an SE can establish a secure channel because a secret cannot be extracted from that SE.

To answer your original question: I do not consider such tokens self-custodial. SEs are little more than snake oil and usually are secure until they are not, which regularly happens. SEs are security by obscurity and their providers take legal action against individuals that talk about their flaws, resulting in a situation where it's hard to assess how secure they actually are.

So if some small shop markets their tokens in that way, I would assume they don't know how to crack the SE. After all they are not Intel engineers, right? On the other hand, who would have the biggest incentive to push such a scheme? Somebody who has a backdoor to the SE and can't even talk and take credit for his discovery.

I would never put significant amounts of money into such a token and would much rather trust federations of mutually vigilant entities. And if part of such a federation, I'd much rather trust Open Source software on commodity hardware than closed source software on obscure SEs.