What's even worse is "How do we know the current firmware isn't capable of doing the same thing"?.

I see most of these videos on youtube telling people not to worry, and that their funds are safe as far as they don't update to the latest firmware, as if they reviewed the current/previous firmware versions and made sure that there was nothing in the code that could send the seed phrase over to someone else.

I think Ledger shot themselves in the foot, there is no Control Z in this, it's like telling your friend that you always knew their phone's password -- but you never checked their nudes, and that you never will as long as they tell you not to, it's wishful thinking to believe that person is ever going to trust you ever again even if you were completely honest, you had to keep your mouth shut, you can't unspeak something.

The best thing they could do now is to open source their firmware right away, this will at least delay the inevitable collapse and allow them to exit the market with some dignity and fewer lawsuits.

With that said it's very important to stress the fact that what's worse than keeping your BTC on Ledger is panicking to move them elsewhere less secured, or even end up sending them to the wrong address, please folks, don't panic, move your funds out of leger (not to Trezor) without panicking.