Of course, when we buy things like this online, we should always keep in mind what happened with the Ledger database, and avoid such a situation in the future. This means either buying the device directly in a physical store and paying in cash, or using a PO box.
Each individual must decide what the biggest possible threat is: database leaks from centralized entities or supply chain attacks that increase more and more if you add new people to the chain that come in contact with the device. Judging by how many hacks and leaks we have had (not just crypto related), I personally think the former is more likely to happen than the latter. But the other element of the story is privacy vs security. A security leak is more dangerous than a privacy leak. I mean, leaking names, emails, and addresses is bad, but leaking seeds or private keys and having your device manipulated equals the loss of coins.
There is another option, and that is if you have someone who travels to the US to buy you that device, you save some money and don't have to worry about possible data leaks and privacy threats.
That's possible, yes. One more option that works for us in the Balkans is that we usually have friends and family all over the world who could be the recipients of physical goods. If you explain to them the threat model and privacy implications and they don't mind, it's also doable. But that involves putting them in the line of fire which is far from ideal.