I'm not one of those "VPN services are useless" fanatics, but "“trust” and “vpn” should be an uneasy combo" it's not an uneasy combo, it's pretty much your only option.

The amount of trust required for their front-end applications is minimal to the point of non-existence.

The real trust you have to afford them lies with the company and what they do or don't do with your data.

It still requires a certain degree of trust, this changes very little actually. The server side code is still proprietary, and even when it is not (according to their plans) you still have to trust that what they are actually running is an unmodified version of what they have released.

In addition to all of that, you are still funneling traffic through them AND they are still under US jurisdiction, regardless of the license they choose to use for their software.

If you don't trust PIA's or any VPN's clients, you can always use Openvpn clients directly, provided the vpn supports openvpn.

PIA works with OpenVPN, their Windows app was (maybe still is) just a pretty interface on top of OpenVPN, but the trust has nothing to do with the client imo, it lies more in trusting them when they say thry don't do any logging or eagerly cooperate with adversaries. They xlaim they don't log, but how do I prove that?

I do trust them, and I have used them, but I prefer “trust, but verify.” It’s also just the right thing to do, going open source.

Yeah true. Also by open sourcing the chrome extension maybe someone can port this to Firefox. I think it should be relatively easy after the recent move by Firefox to webextensions.