~ Ledger developers could have issued malicious firmware stealing users' seed phrases and passphrases, but finally decided it would be more beneficial to create a service that people subscribe to and share private keys and identity information with absolutely voluntarily.
"Could have"? Why not both? We have no way of checking anyway!
I am saying Ledger tries to make passphrases less secure and more user-friendly, which, together with the announced Recovery service, is going to make a hardware wallet no better than a regular hot wallet.
I'd say it's
worse than a hot wallet: I use several different hot wallets (for small amounts), and I'd
never use Ledger's "pay us to give us your seed phrase" scheme.