Each document sent down the encrypted pipe has a certificate which proves if the message has been tampered with
If we included message security it would make the security end to end encrypted. But if server a is passing your message to server b, then the connection of your browser to server a is encrypted but when server passes your message to server b it must create a new ssl connection and THIS is where server a has access to your (unencrypted) message
