Exactly, so arkoor vtxo have what we call the “statechain model”, but maybe we should find a better name for it, like “server cosign assumption” or something.
The assumption is that it can’t be double spent as long as the server doesn’t collude with a previous owner of the VTXO (meaning anyone since its inception in a round). A user can “exit” this reduced trust model by refreshing their VTXO during a round. A VTXO that is the direct result of a round does not have such reduced trust assumption.
This means that in the worst case, any VTXO in such an arkoor model will be refreshed back into “trustless mode” every interval of the expiry time (1 or 2 months). Users who don’t feel comfortable holding an arkoor VTXO can always submit their VTXOs for refresh directly after receiving them. But since the liquidity fee that has to be paid for refreshes is proportional with the time until the expiry of the VTXO, the fee will be higher when a VTXO is refreshed right after receipt, compared to a lower fee when the receiver holds on to the arkoor VTXO until it almost expires.