Comment by olalonde

I can't speak to the political or legal aspects, but technically, Ledger firmware updates are closed‑source binaries delivered from Ledger's servers. That centralization makes it possible for a state actor—or anyone with access to Ledger's signing keys and servers—to slip in a backdoor. Even if the firmware were fully open source, a backdoor could still be inserted during the build process and never appear in the repositories. Avoiding it would require building the firmware yourself, which most users don't do.

As a side note, Bitcoin Core mitigates this risk with deterministic builds and multiple independent developers verifying and signing releases. But this option isn't available for Ledger as most of the firmware is closed source.