It's worth noting this Trezor model is one of the few wallets which has no dedicated secure element.
Yeah, this is the last days of hardware wallets without secure elements, or maybe not.On the other hand, if you need to bring your wallet into insecure places like shared offices or something and there is a risk of an 'evil maid' attack, and a comparatively lower risk of backdoors or flaws in the secure element, then this solution is for you.
I'd even go as far as saying that you may actually want to have both types for two very different, very specific applications. Cold storage = no S.E., daily driver = with S.E.? Just a thought.
Bonus task, try to find Kingin in this image (click to enlarge) 
Easy, third one. 
I wonder if he get bounty bug reward from trezor considering this is a great find. I see their bounty bug page [1] but seems still outdated https://trezor.io/security/
He was certainly paid by the guy who hired him for this job, and it's possible that Trezor compensated him related with this flaw.All this happened several months ago and Trezor was well aware of this problem and fixed it right away.
It appears that in addition to the pin, he hacked the seed phrases as well [blurred part].
I guess once you have the PIN, you will have the full access to everything including seed words, but this was the case before fix was applied in firmware.