That's just not true. Lightning is based on reactive security, where an attempt at taking a user's money is thwarted by a response. That response _can_ fail, and thus @coincenter's argument is invalid.
But not all: a majority of miners _can_ censor Lightning punishment transactions, and thus steal funds. We should not underestimate that risk.
We already trust Lightning nodes for privacy, so this isn't entirely novel.
Unlike Teechan, this doesn't give the enclave the ability to directly steal funds, but does protect against miner-colluding theft.
Different set of tradeoffs: trustless with respect to theft/validity, trusted with respect to censorship.
Lightning traded passive security for active security to scale.