True. Apple is trusting that the National Center for Missing and Exploited Children will provide authentic and verified images. It is also clear from the details that some small number of matching images will not be enough to create a report and any report will be manually verified. A single matching photo will not create a false positive. Given the need to insert a lot of photos combined with manual verification of a flag, it sounds like a lot of people have to be corrupted to lead to a problem for someone. Also, NCMEC is well known. I hope they stay true to their stated mission. Time will tell.
As others have pointed out, the longer term problem is that the capability may tempt governments to put pressure on Apple to work with other image sets. However, Apple has of course had this capability for quite some time and (as far as we know) have not been doing this so if any company is large enough to resist they are. It is a risk, but not much more of a risk than it has been to date. I do think it is a positive sign that they are being open about what they are doing.
We don't actually know this. That's the issue. It is VERY opaque.