Security and Privacy using SwaggerHub vs. Swagger UI and CORS

[CameronGo]

I've been using RAML up to this point and hosting an API Console that our customers can use to test and try out our API. I am just getting started with the OpenAPI spec and tool set and am trying to decide whether to use the swaggerhub for my API console, or to download swagger UI. I've stubbed out a quick OAS 3 on Swaggerhub for one of my resource paths and I am able to successfully authorize and execute a request against my API (in my dev environment) from Swaggerhub. Since I have not enabled any sort of cross site scripting / CORS on my oauth or API endpoints, does this mean the API request is being made from Swaggerhub and the response is going back to Swaggerhub rather than directly to/from my browser? If so, I believe I might prefer to use a hosted swagger UI for anything that references our production API endpoints.
Additional info anyone can offer?