* Takes open source to the next level: The open source code can be viewed, verified and compiled directly from the device itself.
This is not correct. Coldcard is not open source, but rather, it is "source verifiable".You can see their license here: https://github.com/Coldcard/firmware/blob/master/COPYING-CC
License: MIT
Code that is not actually open source is bad for the product and bad for the ecosystem. If no one is actually allowed to use their code in other products, then you are going to have far fewer sets of eyes on the code since there is far less incentive for people to spend their time examining it.
Being under MIT licence ColsCard code is allowed to use virtually with no restriction. According to fossa.com code can be used in any software, including commercial one, can be modified and redistributed. Two miserable restrictions: "you can’t hold the code author(s) legally liable for any reason. You also can’t delete the copyright notice and original license from your version of the code".
What you don’t like about their license?
Coldcard is not open source.
I have the opposite view. Being under MIT licence it's open source.