Both systems are trustless in regards using the cryptocurrency (note that Zcash still lacks enough peer-review compared to Monero so major bugs could exist), the trusted and worrying factor in Zcash, which Monero doesn't suffer, is that you have to trust that the Zcash team is able to properly setup and dispose the so called "SNARK public parameters" that produces a kind of cryptographic "toxic waste" which could make Zcash counterfeitable.

SNARKs require something called “the public parameters”. The SNARK public parameters are numbers with a specific cryptographic structure that are known to all of the participants in the system. They are baked into the protocol and the software from the beginning. The obvious way to construct SNARK public parameters is just to have someone generate a public/private keypair, similar to an ECDSA keypair [*], and then destroy the private key. The problem is that private key. Anybody who gets a copy of it can use it to counterfeit money. (However, it cannot violate any user’s privacy — the privacy of transactions is not at risk from this.)

More information on the setup parmenters and risks can be found here. The ceremony to construct the zk-SNARK parameters involved the participation of 6 people. Since it cannot be conclusively proven that collusion did not (or will not) occur, Zcash users will have to decide whether or not the level of risk being "quite low" (according to Vitalik Buterin) is acceptable:

I actually recommended a different process for the trusted setup - my preference was to not bother with the airgaps, DVDs, offline laptops, etc and make up for it by having 20-30 participants instead of six and make sure they come from different countries, backgrounds, etc. I got this instinct from my experience managing the ethereum foundation wallet - our original setup was 3-of-4 but had lots of fancy secret sharing, encryption, offline signing and other machinery on each device but at one point it nearly broke, and since then we're using a 4-of-7 hot wallet between online laptops, and I feel much more comfortable with the security of the latter. But these are only my views, not shared by everyone, and others of course have different opinions how the risks and benefits should be balanced. EDIT: just to be clear, I still personally think that the risks of the current setup having been compromised are quite low.

Peter Todd, one of the six participants in the Zcash trusted setup was more critical: