You are still trusting the tailscale coordination server for proper key exchange. Yes, traffic is end-to-end encrypted and the private keys stay on the device but there's no way to verify that tailscale is negotiating keys for the machine you asked for
Im pretty sure thats not correct, as you can authorise the nodes that get added, and it is only authorised nodes that can participate in the tailnet.
The problem IIRC is that it is the coordination server that decides what is authorised, so if Tailscale was hacked (or otherwise malicious), nodes could get added to your tailnet without explicit authorisation from the tailnet "owner", which is obviously not good. To prevent this, they introduced tailnet-lock, which requires other peers to participate in node authentication: https://tailscale.com/kb/1226/tailnet-lock#how-it-works
