But with the hardware schematics and the open source firmware it's easier for a hacker to find a breach, no?
Open source simply means that the code is verifiable. If an attacker wants to create a scam version of the wallet for example, they do not need the original code, all they are going to do is design their scam version with the logo and name of the wallet and use their own malicious code, and so they can do this for an open or closed source wallet. Why an open source wallet is more secure is that you can verify the code of the wallet you downloaded or bought before using it.
But until now they never stole the crypto on it, right? And there was never a problem with this?
People do not have to lose money through this service before you do what's right. It is a wrong way to store the seed phrase to your funds, and if something goes wrong in the future you'll regret that you didn't use a different wallet.
So now, is my crypto more secure on the Ledger or on an exchange?
Never use an exchange wallet to store your funds. This would not have even been a discussion before this recovery service was announced. In Ledger you have the keys to your funds and the seed phrase, and you don't have to opt in for their recovery service, so it is many times better than keeping funds in an exchange, but there are other recommended hardware wallets you can use instead, or just create your own air-gapped wallet.