I would say, you always have to trust the service provider. While you can manually verify a direct end-to-end connection etc., web apps could always easily change, without user notice. Well, but that's also true for any proprietary app that isn't open source and code-reviewed.

It could be a browser feature in the future to sandbox those webcam data so that it's only transfered to a specific opponent. That has some problems to solve and is just a raw thought.