In other words, do you think Ledger has already got something akin to a master list of every Ledger user's private keys? Just thinking out loud here, you know?
Whether they do or don't doesn't matter. The question that one should be asking themselves if they can or cannot. Obviously the answer is they can. Why would anyone sweat and fret about the other questions when the most damning answer is already known?
People should stop using Ledger, it's obvious that they think of their clients as nothing but a number and an income stream.