What would happen if you walked in to their server room and tried to update their database to reverse a payment?

Simply, "It doesn't work like that". Very similar to how you can't just "hack bitcoin and change your wallet value". At best you can use your web inspector to add zeroes to your balance.

Transactions in ledger-based accounting require a source and target account. In double-entry, all transaction legs have to sum to zero. "$10 on Paul; -$10 on Alice."

Your "current balance" may be cached, but it's never used. Most financial systems (which I suspect extends to banks, but I could be wrong) will enforce recalculation of at least the tip of the account's ledger whenever a transaction comes out of it. You don't just add/substract from a cached number.

You would be politely asked why you were in a restricted area, and asked to leave.

Currency is based on trust. Trust that the ledger is correct, auditable and matches up.

but to address your question, its possible to unilaterally reverse a payment, but as you'll then have to tell the clearing house to reverse the transaction, you'll need to get authorization from thirdparty, which is tricky. Moving money around inside a bank though is probably much easier.

However you're far better off just running a limited company and offering loans, that's a far easier way commit fraud.

How do you know that I won't steal funds from your account?

Do you simply trust that I won't, and that your bank trusts me not to do so?

I suppose the question is, what's stopping me? Trust or security?

In truth? I don't think your competent enough to get that far.

but more deeply its both trust security, and legal liability.

First you need to gain access to the system in the first place. Then you need to have unfettered access and be undetected. Considering this has been the number one ledger attack since the beginning of time (which is why tally sticks were a thing, and double entry book keeping) There are lots of systems in place to stop, detect or alert. Not only that you have the statement generating system which sends out physical copies of the account monthly.

Second we would need clearing houses to not notice that there is a mismatch in funds.

third when you try to extract that cash, we'd need the money laundering alarms to not go off. Which, if you've tried to buy a house in the UK, you know is not at all trivial.

You have to realise that the banking system is reliant on a bunch of very bored, highly motivated, fresh out of uni graduates to tally, move and generally be the grease that moves capital about. They will have tried all sorts of tricks to cheat, scam & salami slice money. There is a huge amount of effort going on to stop, detect and deflect fraud. Mainly because the banks are liable for it.

So for standard bank accounts, the chance of someone getting access to a server and changing the values of my account and not being detected are pretty limited. Not impossible, but small.

And thats the key. If the bank cocks up, the law is very much on my side as a consumer. the bank will be compelled to reverse the fraud. If they don't they get fined and or loose their license (although in practice, I don't think thats likely.)

With zero trust, if someone cocks up a digital contract and someone extracts the entire escrow value, game over. no recourse, other than to try and take the perp to court.