Are Enjin Tokens Centralized - Questions

Hello everyone,
I am currently on the metadata chapter of the Enjin course and was surpirsed to hear that the smart contract metadata contains a URI that points to a json file on a centralized server for the token’s specific characteristics. I was no expecting to hear that. So, what happens if someone can manipulate the json data on the centralized source. Perhaps they state the token’s characteristics are zero strength (the example in the video was a sword in a game). What then? Do I have a token for a sword with 0 strength? I hope at least a hash of the json file is contained in the metadat with the URI proving if someone has tampered with the centralized data. Surely I am wrong here, but how? Any help is appecitated, thank you in advnace.