On the contrary, a user needs not to trust the server on which the filesystem physically resides. Indeed, the server only has access to data in encrypted form which is of no use. Obviously, the server can modify the data stored and there is nothing that the user can do to prevent that. However, since TCFS includes authentication mechanisms for the data, if the server modifies the data, the user will immediately notice that data has been altered.
Similarly, there is no need for the client to authenticate the server. Suppose that a pirate host has managed to impersonate the legitimate TCFS server. We stress that, even in this case, the privacy of the user is not compromised. Indeed if the client tries to write, then the private server only gets encrypted data. On the other hand, if the client performs a read operation, the data he/she will receive from the server will not be authenticated and thus immediately rejected by the client.