Nah you don't. You can verify every event's signature if you so desire. The same is true of any client, regardless of how they gather the data. You're either trusting them not to manipulate it or you're verifying every event yourself to make sure they're legit. Up to you.