At the same time, they transparently announced that they had access to private keys. After all, we should trust that they will never abuse it and that the recovery option is activated only at the user's request.
Theoretically, Ledger could have implemented Ledger Recover and introduced their key-sharing code without anyone knowing about it if they wanted to. The only thing that could prevent it is perhaps their TOS and Privacy Policy, but we all know how quickly these agreements can change and that most end-users don't pay attention to them.
Ledger Recover could have been released in secret. The agreement and the names of the custodians could have been kept private. Key-sharing code could have been introduced in firmware updates, and no one would have known anything about it until much later, when the information leaked. They could have done it in a way where users don't have to give their consent for their keys to be extracted. The closed-source nature of their products makes all that possible.