Otherwise you're staring down the well of microcontrollers, most of which are not documented completely and may have some kind of hidden vulnerability in them. Not necessarily backdoor, but you saw how Trezor devices had that unfixable flaw before. But crucially only state actors care about these microcontrollers, your average script-kiddie hacker will not write exploits that attack microcontrollers because the normal person doesn't use them.