Hardware wallets, like mixers, are in what I like to call "the trust business". They should never lie, because if they lie once about something you can verify, you should assume they also lie about things you can't verify.
So basically, this should be the end of Ledger.
You are forgetting the bigger picture here. The secure elements in popular hardware wallets aren't 'secure'. This should be the end of all hardware wallets with such secure elements. But it's not going to be. I don't think it's going to be the end of Ledger either. Hardware wallets are not what they were marketed to us to be. That's the takeaway from the Ledger fiasco. Ledger were just the first to shoot themselves in the knee. The bigger problem is that hardware wallets with secure elements don't protect users against remote access as long as there is a possibility of sharing the data stored on them over the internet.