You can inspect the wasm binary, we can't take that ability away from you (or you can compile using the sources we provide on GitHub and see it provides the same result, it's actually built from an actions runner anyways)
End to end Encrypted is valid here because both peers of the request (client and server) have their information being exchanged through TLS and they both manage their own keys. We can't look inside the TLS tunnel, we only transport the TCP side. It's end to end encrypted in the same sense that when you go to hackernews your ISP can't see your password because of TLS. The peer you are requesting has ensured only you can see the data, not any intermediary
(Unlike in http where it's completely plain text or a corsproxy where all data is visible to the proxy).
> We can't look inside the TLS tunnel, we only transport the TCP side.
But you could if you were malicious, you control the tunnel creation code.
> It's end to end encrypted in the same sense that when you go to hackernews your ISP can't see your password because of TLS.
But its not like that. I do not have to trust my isp to not be evil. There is nothing my isp can do to read the password. I do have to trust you, you could easily modify the software in a way to read my password.