Board: Hardware wallets
Topic: Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
Post by Pmalek on 24/05/2023, 11:52:47 UTC
Especially since this is a USB-connected hardware wallet, you could easily get a virus on your PC which asks the wallet for the seed phrase 'shards', just the same way Ledger Live will do it when you initiate the Ledger Recover setup. And the wallet will just hand them out.
It won't if it works the same way transaction broadcasting works. You need physical confirmation to broadcast a transaction, and Ledger has said you will also have to physically allow the sharing of the shards. Whether or not that is true is another topic of discussion. 

Honestly I find it downright malicious that Ledger's defensive message control boils down to lying about the current state of the hardware wallet ecosystem (i.e. claiming that consumers always have to trust hardware wallet manufacturers while that's decidedly not the case).
Putting aside the open-source vs closed-source war, I think the trust lies in the fact that the developers and security experts did their job properly to not mess up the code or introduce vulnerabilities that someone can exploit. That's what most people have to trust because most of us don't know how safe a code is whether we can view it publicly or not.

Trezor's open-source code means very little to me because I can't go through it and I don't understand what it does. I still have to trust Trezor and everyone that has verified the code that it's bulletproof and can't be abused. That's the trust part.