I'm glad to be of help! I think cryptocurrencies are fascinating, so I've spent a lot of time trying to learn all I can about the topic.

As for the "$5.00 bill" - sort of. There's one more piece to the puzzle which I haven't really touched on, which becomes important here.

The "cryptography magic" I mentioned in an earlier post refers to something called "public key cryptography". The way it works is this - I generate a random number (any random number). It needs to be very, very big and very, very random, such that no one else could ever hope to randomly guess the same number. This big, random number is called my "private key" - it's a secret that only I know. From that secret, I can calculate another number called a "public key" that is tied to the private key by some interesting mathematical properties. I can use my private key to "sign" something, and anyone else can use my public key to verify that the signature was made by someone who knows the private key. This is how the "signing" that I mentioned before happens.

Now, your public key is your bitcoin address. Generating a new bitcoin address is as simple as coming up with a new random number, and calculating its corresponding public key. When I want to store money in an address, I sign a transaction that says "this money belongs to this public key", and now in order to spend that money the person needs to use their private key.

Private and public keys are just numbers. I can write a public key on a piece of paper - that piece of paper can now receive money (and anyone can check its balance by checking the blockchain), but it can't spend it without the private key. I could write the private key, but then anyone who looked at the piece of paper now has the secret necessary to transfer money out of it.

So you can't really use it as a traditional dollar bill, it's more like a piggy bank. Anyone with access to the piggy bank can take the money out of it and spend it themselves. Even if you check to make sure there's a balance on the paper when you receive it, there's no guarantee that the person that gave it to you didn't write down the private key for themselves, allowing them to pull the money after the fact.

You are right about needing to trust whatever app you're using. The app has access to your private key; it must, in order to sign the transactions. For the truly paranoid, there are actually hardware wallets that you can buy - these are devices that are not connected to the internet, and thus unable to submit transactions of their own. However, they hold onto your private keys, and sign transactions you give them. It's then up to you to take the signed transaction to an internet-connected machine and broadcast it to the network. This way, your private key never touches any machine or software capable of generating and broadcasting transactions that you didn't yourself create.

Of course, at the end of the day, perfect security is almost impossible. Just as you may have malware that steals credit card and banking info, you can have malware that searches your devices for keys, or changes addresses that are embedded into webpages (so you think you're sending money to someone, but you're actually sending to an attacker). Being secure is mostly a matter of knowing your attacker, and minimizing your attack surface. With traditional credit card-based banking, the attack surface is very large (as Target and Sony have shown; if any merchant you've ever transacted with is vulnerable, then you are vulnerable). We come close to solving this by allowing chargebacks, but those come with their own set of issues. Bitcoin takes the cash approach; you can't chargeback cash if you're mugged, but on the other hand you don't have to deal with chargeback fraud if you're a merchant. Lots of tradeoffs involved all around.