I just replied to your other thread:
Hi @walter.almeida, I’ve been working on getting an answer for you since you asked; sorry it took so long, and thanks for bringing this up. Since obviously security is a sensitive issue I had to verify with Inrupt’s VP of Trust and Digital Ethics, and then run that by the Solid editors, to make sure the provided info was correct - and obviously they’re all busy people.
Anyway, there is now an answer in the solidproject.org FAQs: https://solidproject.org/faqs#are-apps-vulnerable-to-an-origin-bypass
My personal interpretation (but: that might be wrong, refer to the FAQ for an authoritative answer) is that, indeed, this is a known risk, which is why the Origin-based app-trusting is still labelled as experimental, and people are working on a secure replacement.