That does not explain why the PIN code is not entered on the Trezor itself, as suggested in my original post.
I'd say because it'd be pretty much annoying to enter a PIN code on a device with 2 buttons and it doesn't provide more security to enter the PIN on the device itself here, as an attacker still has to steal the device to use the PIN code he collected from a compromised computer