There are a few potential attacks if it were possible to remove the PIN, one of the most trivial to understand being the supply chain attack. Someone could resell a used unit as new by resetting the device and resealing everything. They could buy the device, flash a modified (insecure) firmware, remove the PIN and sell it to a victim. As far as I know, you need to set it up once (thus also seting a PIN) to flash a custom firmware.
How does a non-technical person verify that it's a genuine Foundation Passport hardware wallet with a genuine firmware? You mentioned supply chain attacks, and since I only have experience with Ledger, I know that a fake Ledger device can't connect to official Ledger servers. So if someone in the supply chain replaced the HW with a fake one or made modifications to it, I wouldn't be able to use it with the official software. How does it work with Foundation's HW?
You can read about it at 11.1 Passport Supply Chain Validation.