You can never have a totally trustless system, but I think we could trust our applications a lot less than we trust them now.

It's not all or nothing. We don't need to give up because some aspects of a system are insecure. There are different threats and different answers.

Qubes got it right in its philosophy. We either get system secured by correctness or by isolation. The former is not possible on a Linux developer machine.

There's a middle ground between accepting and paranoia: secure to best effort.