Publicly visible Trusted Setup

I’ve been learning zkSNARKs and ZK proofs in general recently and I am probably misunderstanding something.

Let’s imagine a DAPP communicating between the prover (Website) and the verifier (Smart-contract).
If the code of smart-contract is public (it is) or website generates proofs on client-side then the trusted-setup can be seen by anyone. Does this mean (the fact that trusted setup is open source) that anyone can generate invalid proofs?