The firmware is not open source for mainly legal reasons. Due to them using the secured element and having to sign a NDA (apparently), they arent allow to share code tied to the secure element. Rather if this is true or not is yet to be seen, but could still have the firmware open abit more without much exposure. Also, I never implied that they (ledger or any company) are scammers, however I wont rule out a "backdoor" either since. Not saying that ledger implemented directly either and keep in mind im also referring to zero day exploits that cannot be easily discovered like you could be able to find out with trezor (or other open source hw wallets) through auditing the code and have a understanding of how the hardware works with little to know reverse engineering.