here's my hot take: TEE's can't do anything for wallets. they insulate the operator deploying software from their provider (eg AWS), if you use them in a specific way. this is actually important, as most deployed services can be monitored and manipulated at any time if the provider had reason to. there's no way for a third party to know what code is running, or who has copies of key material, but running inside a TEE is actually better than not running inside one.
i've said before that i don't' think cashu can be fixed, but this doesn't mean it can't be improved. the single biggest issue is that an honest mint has to operate indefinitely because no one else knows which coins are live. the second is that no one knows whether the reserves cover the coins. the third is that it doesn't have the privacy guarantees it claims.
the first can be addressed by sharing data and providing attestations. maybe there's some fancy zkp thing that can keep things private, i don't' know. multiple other mints should be attesting that your mint has a conforming ledger with the same hash. there should be some way for them to coordinate and decrypt the ledger if necessary.
for the second, a mint's reserves should be in a multisig of those other mints. they can recover it much later if everyone goes offline, but during normal operations, reserves should be immobile, and greater than the obligations of the mint.
and lastly, a wallet should be able to talk to a mint over something other than https. mints should be identified by nostr pubkeys that wallets can talk to over gift wrapped dm's. doesn't have to be the primary path, but if someone wants actual privacy they should be able to use a wallet that does this. https is not compatible with privacy, ever.
these are all things that i've realized in developing bitcoin deposits. they don't fix ecash because of the specific model of the system, but they close a lot of open holes. if one or more of those closed holes were what's keeping cashu from being popular, there's value in it.
ecash relies on secrets, and because of this it must always be trusted. but i don't think trust is actually what's holding it back. good luck
