This doesn't apply to older devices that have been discontinued, but which can still be found on sale or have users, for example, the Nano S. In their case, a firmware update may be mandatory.
Since they have been discontinued, you can no longer buy them on the official shop. Perhaps they are still available with resellers. In that case, I wouldn't expect the resellers to keep them updated with the latest firmware, and that's true for all models, not just the Nano S.
Why wouldn't they make a backdoor at this point? Users will still be forced to pre-install crypto apps.
The crypto apps and Ledger Live are open-source. The minority that can read code can verify what the apps do. The dangers and uncertainties are in the closed-source firmware.