DNSSEC Validation

According to https://www.cloudflare.com/ssl/encrypted-sni/ it appears that 1.1.1.1 does not validate DNSSEC signed responses but yet the DNS is secure.

How can it be verified secure if it doesn’t validate the DNSSEC responses?

Can you post the results of https://1.1.1.1/help?

If it looks something like mine:
https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6Ik5vIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6Ik5vIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiTEFYIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=

It should pass DNSSEC:

https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjEwMDEiOiJZZXMiLCJkYXRhY2VudGVyTG9jYXRpb24iOiJMSFIiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJTa3kgQnJvYWRiYW5kIiwiaXNwQXNuIjoiNTYwNyJ9

The only difference I can see between my result and yours is that I have connectivity to the resolvers over IPv6 as well as IPv4.

EDIT: I just noticed on yours it shows the AS Name as Cloudflare and the AS Number as 13335 whereas on mine it shows my actual ISP