@amarqueslee-da called out that he found this comment confusing / unhelpful.

Only provided for convenience, clients MUST recompute the hash from the raw transaction if the preparing participant is not trusted.

Let's figure out how to do better.