And yes, what Pmalek mentions and what I tried to highlight as a quite despicable part of firmware is code that's there to have the main secret leave the hardware device completely. Oh boy, this is a can of worms and we kicked it. Yes, I'm aware, my BitBox02 allows a backup on a microSD card. Is this equally wrong as Ledger's Recovery service crap? You judge!
Displaying the wallet's recovery words again on demand feels kind of wrong to me, too.
As long as it's an optional feature that is not forced on you, then each user can decide whether or not to use it. Ideally, Bitbox shouldn't have it either. A separate seed extraction firmware can easily be developed by developers if they wanted to. At least Bitbox doesn't send this data remotely over the internet to other parties for "safe-keeping" (that we know of). It's a local digital backup. If the feature gets merged into the firmware that everyone uses, then end-users don't really have a choice. The code is forced on them. The option is there and can be activated anytime by the click of a button or a switch. It's far from ideal.