I'm going to add few details to one of your statements:
- If seed lost, funds are compromised and only way to restore is Hardware + PIN
I feel important to note that user will not be able to restore the seed itself.
User will only gain access to funds (as long as he has access to working physical HW wallet and knows the pin).
In plain simple: Having a physical HW wallet + knowing it's PIN will not give access to seed.
Should later something happened with hardware (lost, stolen, malfunction...) or forgets the PIN (or tries wrong pin many times) there is no way to retrieve funds.