Good point — this is the core trust assumption of the pattern. The wallet is the user's defence: it decodes and displays all instructions before signing, so any unexpected calls would be visible at approval time. Wallets like Phantom surface warnings for unusual instruction patterns — this is consistent with the Solana wallet standard: https://docs.phantom.com/developer-powertools/wallet-standar...
A commit-reveal scheme would add another layer but shifts complexity to the client-side code — an extra round trip and hash verification step before passing the transaction to the wallet.
In practice the threat model here assumes a non-malicious server — the pattern is designed to protect against a compromised client, not a compromised server. If your server is malicious you have bigger problems than transaction bundling.
A commit-reveal scheme would add another layer but shifts complexity to the client-side code — an extra round trip and hash verification step before passing the transaction to the wallet.
In practice the threat model here assumes a non-malicious server — the pattern is designed to protect against a compromised client, not a compromised server. If your server is malicious you have bigger problems than transaction bundling.
Worth noting in the post though — good catch.