the question isn't whether the user is trusting Plaid with too much access, the question is whether Plaid is trusting these apps with too much.