Honestly, it kind of makes me want to look elsewhere for another device. Why would you feel comfortable with your device connected during the most important part of setup (releasing seed phrase)?
I can see where you're coming from.
Even with open-source code, the difficulty of auditing all those lines, the client Trezor Suite and the firmware isn't going to be simple.
Without time and/or effort, you'll just be trusting the verdict of other users/developers on the code. (The consensus is it's safe.)
If still in doubt, you may consider a full "air-gap" hardware device which can be used for transaction signing (PSBT) and initial setup without connecting to a computer.
E.g. Coldcard.