This is true, but their response in March was thus:
This attack vector is also resource-intensive, requiring laboratory-level equipment for manipulations of the microchip as well as deep expertise in the subject.
If what Ledger have published is true, then this is no longer the case. You no longer need lab equipment worth hundreds of thousands of dollars and trained technicians. Apparently all you need now is $100 and some basic electronics knowledge.
They have been aware of the attack since designing Trezor. Using a passphrase has always been recommended and it can protect anyone from any kind of physical attack*.
Everyone should be using a passphrase, but I'd wager few do. I'd wager barely anyone is using a passphrase of 37 random characters, and I'm sure many would view entering 37 random characters (presumably from paper since you shouldn't be relying on memory) every time you want to open your wallet is not an acceptable trade-off between security and ease of use.
If you don't have a hardware wallet, use an offline generated private key/seed (aka "paper wallet").
I might be misunderstanding you here, but how is this safer? If your concern is regarding a physical attack on your hardware wallet, then surely with a physical attack on a paper wallet it is completely trivial to steal your coins?