Q: is_trusted_relayer: why the current_account_id bypass?

[olga24912]

Default impl of is_trusted_relayer bypasses check for self-calls:

if *account_id == env::current_account_id() {
    return true;
}

This guard is meant for external API, not callbacks (#[private]). I couldn't find a case where this bypass is needed. What's the intended scenario? If none — worth removing.

[frolvanya]

It's just to add a safe default. Making a function that no-one can call or that everyone can call by default is too dangerous IMO