The worst possible scenario: hackers hack the official Ledger site, add fake firmware and try to get as many users as possible. Maybe it's not a true comparison, but who could have imagined a few days ago that hackers would use the original Electrum wallet to steal hundreds, and probably thousands, of BTC?
I'd like to know the security procedures of their hosts because this is going to become an ever more obvious vector. We'll see it happen to more decentralised exchanges as long as they remain website based and something like this is a vast temptation. It does make me wonder whether it's only a matter of time. Every update makes me nervous.