BTW the trusted code aspect is to protect your browser from running arbitrary javascript without your knowledge. Basically it’s to prevent someone sending you a notebook that tries to infect your computer unknowingly by embeding dangerous javascript in the outputs. This is why 2*3 is trusted by default but a video output is not when executed elsewhere and reshared, because the former has no javascript needed to render.