Post
Topic
Board Hardware wallets
Re: Ledger Discloses Five Reported Vulnerabilities in Two Models of Trezor Hardware
by arcade01game on 12/03/2019, 11:20:22 UTC
It is quite scary that they were able to create a clone of the exact same components and hardware as a genuine device and even backdoor it and extract the seed.

That is the open source model of TREZOR and why we all love it.

As far as I know TREZORs are not delivered with working firmware now. You have to do an update and you should not trust your new TREZOR if it is pretending to have the newest firmware. Wouldn't that take care of the backdoor?



Good idea, but I don't think that would solve the issue even if the hardware was delivered without working firmware inside, because an attacker can always use a phishing method to redirect the download to customized firmware (malware).
It is true that open source has a positive impact on development, but at the same time it is also an invitation to the bad guys by allowing more attack paths to be discovered. Think for a second why (open source) Android has so many hacks (mostly jailbreaking with custom firmware) and non-open source such as iOS has better security... It is because the source is managed tightly, leaving little room for potential attack paths to be discovered.