SMS is easy to spoof.
iMessage message security is far better, but remains based on Apple Account and device security:
If the sender’s device or passcode is compromised, or their Apple Account is compromised (particularly without two-factor authentication enabled), or (rarely) malware, problems and fake messages can arise.
Malware is possible, but that has been very rare and targeted based on available information.
If they or you are (potential) targets for mercenary or espionage tooling:
Here is some information on securing devices, securing Apple Accounts, and running Safety Check on iPhone:
I have also met folks that can make, for instance, substantial configuration changes, and then entirely forget the changes were ever made (by them!). They can be entirely truthful about not knowing.
And, of course, there is dissembling, and DARVO.