while the problems you describe are valid, my personal experience is fully opposite — trust is decreasing. I do not remember anyone worrying about supply chain 15ish years ago — windows was where the viruses lived, and unix people were installing distros, compiling kernel modules and building tarballs without auditing anything.
I think what I was getting at is more that the volume of unreviewed code is increasing faster than our ability to review it. We're more aware of the risks, but we're also running `npm install` on packages with 200 transitive dependencies and now asking AI to write whole features. The awareness went up but so did the attack surface, and I'm not sure the first is keeping pace with the second.