First of all there is no real "danger" if a ROT-service proofs to be NOT trustworthy because
transactions that arise from INPUTS not owned by a client or that are double-spends will be rejected by the coin-network.
A ROT-server needs to enter the ring. Before he is accepted he needs to present proof that he will answer all questions from clients correctly. Once accepted his "identity" will be broadcast within the ring.
A client should always be connected to multiple ROT-servers, assuring sufficient redundancy. Clients could "accuse" a server from providing inconsistent information, but this is avoidable. Being connected to multiple ROT-servers this server-collection could agree upon the correct answer before transmitting it to the client.
First of all there is no real "danger" if a ROT-service proofs to be NOT trustworthy because transactions that arise from INPUTS not owned by a client or that are double-spends will be rejected by the coin-network.
A ROT-server needs to enter the ring. Before he is accepted he needs to present proof that he will answer all questions from clients correctly. Once accepted his "identity" will be broadcast within the ring.
A client should always be connected to multiple ROT-servers, assuring sufficient redundancy. Clients could "accuse" a server from providing inconsistent information, but this is avoidable. Being connected to multiple ROT-servers this server-collection could agree upon the correct answer before transmitting it to the client.