Validate Signature Owner with Web3

Using web3.wallet.accounts.recover(message, signature) I get the account I used to sign.

This is enough to ensure that the signature was made by the returned account ?

Web3js API Doc says it "Recovers the Ethereum address which was used to sign the given data"
But it is not very clear whether this data is computed by the public key algorithm or is simply extracted from the raw signature as metadata.

editing: web3.eth.accounts.recover(message, signature)