Right, but they have no control over interception rootkits installed on the client. And all of their marketing material suggests that the client in question will usually be your phone. After the VPN software decrypts the data and before it is emitted from the speaker and/or displayed on the screen, there is a cleartext data stream that could be intercepted by a rootkit that the feds could order your telecom provider to silently install.