I agree that this may be unduely paranoid...
I don't see how you're being unduly paranoid.
Maybe I'm not. But perhaps I am being
inconsistently paranoid, since I am willing to run a precompiled Armory - anything could be sneaked into it, in principle.
Since Trezor's firmware is open source, people can audit that ...
The point is, I can't. How can I know that the firmware on the device is the same as on github.