There are so many security issues without anything hardware unless the company manufactures the product itself and has strict security audits and processes.  Even then it is difficult to ensure you aren't missing something.

Look at Intel/AMD etc with Meltdown and Spectre and they are a huge company.