they could. Internet security is mostly build on trust. there are certain industry standards and principles that can be applied by services you use but they have to be applied and need stay in compliance to those rules.

typically the most comon rule is to use https sites instead of http. put also those secure protocols are ultimately govern by an institution.