The summary page states that the vulnerabilities discovered in the Ledger Nano S were all fixed. But since it's closed source, it can't be reviewed. Unless there is a newer research that confirms the vulnerabilities are still there, can we assume this is no longer a treat?
As an extra tip, waiting a few weeks before performing a firmware update wouldn't be bad if someone has reasons to believe the servers might be hacked and are storing a fake firmware.
It seems that Ledger has no intention of making the secure element fully open-source.
We're great supporters of open-source and strive to open-source as much of our software as possible. In that light, we will soon open-source the part of the firmware that is responsible of displaying the dashboard where you can see the apps. The parts of the firmware that interact with secure parts of the Secure Element will not be open-sourced, since they are based on proprietary technology, protected by patents and an NDA we signed with the chip manufacturer.
https://www.reddit.com/r/ledgerwallet/comments/e1wh5q/is_ledger_going_to_make_the_firmware_open_source/