Also, the approach you've adopted, like partial signing online and then signing offline and broadcasting it, is something I wasn't aware of.
That's a mistake. It isn't partial offline signing. It's a normal (full) signature on an offline machine which is later exported as a file or QR code to be broadcast on a device with an internet connection. If the signing keys are exclusive to the offline wallet and we aren't discussing a multi-sig wallet, the whole signing process takes place offline.
Access to the private keys MUST be granted in order to sign anything.
Yes, of course. No one is questioning that. But the narrative was that the keys can never leave, aka be exported from, the secure element. And that turned out to be false.
Exactly. And people that didn't know better believed it. The rest knew that what this really meant was with an asterisk attached: "*so long as no firmware commands it".
I don't know about that. I don't remember seeing a discussion with people who knew key extraction was possible before Ledger told us it is. Not on Bitcointalk at least. If such a thread exists, someone please point me to it.