I have no idea if the X1 model is open-source or not. I can see that WalletScrutiny has not yet reviewed it, but their other product, the S1, never became open-source although they said it would. So the first condition you mentioned may never be fulfilled and you will have to look elsewhere.
According to the number of app downloads on Google Play Store, the data published by the official websites of various wallets, and the number of reviews on Amazon, I estimate that only Ledger, Trezor, and Safepal have 1 million users. Among them, only Trezor is open source.
This indicates that users lack the necessary knowledge, or are ignorant. The number of users of other brands is particularly small. I estimate that the number of OneKey users is less than 300,000, the BitBox users is less than 100,000, and the Keystone users is less than 30,000. If a company's annual sales is less than 100,000, is its profit enough to maintain the operation? With too few users, the supervision will be insufficient, and it will not be safe.