How safe is it to start TLS from the Istio Envoy and not from the container?

If it’s not secure, is there a secure way?

Yes, you need to delegate some level of trust to the Envoy sidecar. You can use Unix domain sockets to communicate with the sidecar if you are concerned about communication between the sidecar and container.
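
The Unix domain socket approach mentioned in the answer, sketched as an Istio `Sidecar` resource. This is an added example, not part of the original reply. The resource name, namespace, label, port and socket path are hypothetical, and it assumes the socket directory is a volume mounted into both the application container and the `istio-proxy` container, with the application listening on that socket.

```yaml
# Added example: all names, labels, ports and paths below are hypothetical.
apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
  name: my-app-uds
  namespace: demo
spec:
  workloadSelector:
    labels:
      app: my-app            # applies only to this workload's sidecar
  ingress:
  - port:
      number: 8080           # port on which Envoy accepts mesh traffic
      protocol: HTTP
      name: http-inbound
    # Envoy terminates the mesh TLS connection on 8080, then forwards the
    # request to the application over a Unix domain socket instead of a
    # loopback TCP port.
    defaultEndpoint: unix:///var/run/app/app.sock
  egress:
  - hosts:
    - "./*"                  # services in the same namespace
    - "istio-system/*"
```

With this layout, file permissions on the socket decide which local processes can reach the application, which a loopback TCP port cannot enforce.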