Post
Topic
Board Hardware wallets
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by Synchronice on 23/05/2023, 11:06:15 UTC
Don't update to newer firmware because you could enable access to your keys, and some government could potentially seize coins from you in future, especially if you live in the US, UK and France.
Ledger is a failure and I think no one should rely on their words anymore, at least since things are clear. Are you sure that your keys weren't even revealed before this latest firmware update and it wasn't backdoored the whole time you were using it?
That is correct. To the best of my knowledge, their firmware is fully closed source, so there is no way to know whether they had code in it in the past, which extracts seed phrases from secure storage and uploads them somewhere.

Someone already mentioned that with their track record, if they had done such a thing en masse, they would already have lost those seed phrases in a hack or data leak. But it's definitely possible that they had a backdoor to selectively extract some wallets' seeds and / or addresses (e.g. for tracking / surveillance purposes).
Their firmware is completely closed source but as the CEO of Ledger said in that podcast, over time, they'll open more source of their code until they reach a level similar to Raspberry Pi.
I think it's okay if Hardware Wallet software remains closed source, at some point I even agree with that approach because on the other hand, even if a certain company has open-source software, how can you be sure that they are actually using the open-source code? Is it possible to verify in case of hardware wallets? Maybe I lack technical knowledge here.