Is this just as secure as a paper wallet? I should imagine it isn't because it requires you the manufacturer to actually have access to the private keys?
The keys are generated using entropy from the trezor plus entropy from the computer you plug into. There's no way for the manufacturer to know your keys.