Welcome to Algorand!
(1) There are around 100 relays. Their IP addresses are public because other nodes need to look them up. So their approximate physical location is not really secret and cannot be secret. See, for example, The default list of Relay Nodes for how to get the list.
(2) When you query the blockchain (to get any information about past transactions / balances / …), you need to query a node. For transactions from more than 1000 rounds ago, the node needs to be archival. You absolutely need to trust the node you query. If you don’t want to have to trust anyone (but the Algorand software itself), the best option is to run your own node and to route all your queries to your own node.
If you query any node you don’t operate, you need to trust the node provider not to tamper with the answer. This is an issue for any blockchain.
From the point of view of security when querying the blockchain, since you only query a given node, the only thing that matters is that this given node is trustworthy. If there are 1000 nodes you can query and 999 are honest but 1 is not, what matters is that you query one of the honest nodes. There is no way we can prevent a malicious node provider from answering with wrong information. This is the case for all blockchains.
However, note that when a node is started, it will sync to the network by asking relays for blocks (relays are archival). When it does so, it will verify each block. Algorand is designed so that forking is impossible (assuming 80% honest participation nodes). Therefore, a node that syncs up from scratch will always have the right blockchain, even if all but one of the relays are malicious and provide the wrong blocks. If all relays are malicious, then the node may not be able to fully sync (it may stop syncing at a block before the last block), but even then, it will not have wrong blocks inside.
So when you run your own node that you sync from scratch, you are certain that you are seeing the right blockchain (albeit maybe not the last block) even if all the relays are malicious.