So this attack is less likely now that you killed the trusted server auto-adding. But as far as I could tell, you did not clear out old servers. Let me first describe the attack:
The issue I see with this is that, until not too long ago, it was trivial to establish trusted servers with federation (or from public links).
The second issue is that userB now not only has to trust serverB to be secure, properly updated, etc., but also implicitly trusts serverA. ServerA could serve malicious code that shows that the user needs to resubmit their password, for example.
It is also not made clear to the admin in the settings that enabling trusted servers opens this possibility.
Now, I admit that this is not super likely to all happen. But iframing remote sources when clicking to edit a document (which the user will just expect to open their own Collabora) poses a real risk, I think.