So the difference between a pod description and a pod is that the pod description is not a live thing. It is just a resource or file in rdf. It has a checksum that can be verified and it’s state is known and it can be trusted. It may reference other pod descriptions but they can be similarly trusted.
A server is a live thing and it’s state is unknown and it can’t be trusted.
So on your local OS you would have to get all the pod descriptions you need and build those pods before they’re used. You’re not importing the data in those pods, that’s left on the web. If someone else is using the “same” pod, they only started from the same description and they also had to build those pods locally. But the data referenced by pods with the same description is shared and stays somewhere on the web.
That’s my interpretation of what it would mean to use Solid on Safe without servers.
I don’t know how parts of pods would remain hidden that way, though. How would wacl permissions and things in pod descriptions not be readable by everyone? I guess they would have to be encrypted within the pod description.