I have to put my key into the site. But the site is foundation of trust, as it was created when the fork occurred. It is a first party. Any layer above it is a higher tier party, and therefore less trustworthy.
I.e. logging into my banks website is much more secure than logging into another website that will log into my bank.