I was looking at FHS and I found it to be pretty complex. If one were to look at it in simple terms, there should be directories to be managed just by admin root, some to be device or keyboard files which would again be managed by admin, some shell/admin group accessible files and some untrusted ones to be managed by normal users.

Can someone explain in simple terms what directories are trusted and untrusted and to be used by whom?

I find that almost all server hosting have gigantic scripts and used sudo which is extremely unsecure and not according to how GNU fs should work.