This is a problem, and was already fixed by a firmware update.
I think it's also worth mentioning that this vulnerability, although scary, occurs only if the the attacker has physical access before setup of the seed.
Not 100% true, from what he said it was vulnerable to the "Evil Maid attack"
https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/This is a problem, and was already fixed by a firmware update.
Which took them close to 4 months to put out and still is not properly alerting & forcing users to update.
And if you care at least a minimum about security, you would never buy a Ledger Wallet from third party re-sellers.
Assuming you can trust everyone who handled the package from when it left their shipping dock till when it wound up in your mailbox.
TLDR: ledger hardwallet is still pretty safe, much safer than any hot wallet. Unless you have an airgapped PC, hardwallet is still a good choice.
THAT I agree with. And pretty safe is good for most people. But it's still not REALLY REALLY REALLY safe.
Just because you are paranoid does not mean that there are not people out to get you.....
-Dave