Board: Hardware wallets
Topic: Re: [ESHOP launched] Trezor: Bitcoin hardware wallet
by JorgeStolfi on 20/08/2014, 00:17:39 UTC
"requires you the manufacturer to actually have access to the private keys" This statement is dead wrong.

Indeed, and that is why I never wrote that.

A malicious manufacturer can distribute firmware that, instead of using truly random seeds,  chooses seeds from a very small set.  Then the manufacturer can  generate the private keys for all those seeds and find the one that matches the client's blockchain address.

This attack can be performed by the manufacturers, or by any individual or gang who can get hold of 3 of the 5 firmware signing keys.  Or by someone  who can plant the weakness in the firmware before it gets signed.  Or by anyone who can replace the Trezor by a counterfeit one during shipment to the client.  Or any shop that sells Trezors to walk-in clients.

I can think of a few other variants on this attack.  Surely criminals can think of dozens more.

Without physical access to the hardware, there is only a single way the manufacturer could get your keys: a backdoor. There is a catch, though. If your bitcoins are stolen by malware or a hacker, then you are just screwed. If your btc is stolen by an open-software, open-hardware backdoored device, then you can sue somebody. [ ... ] Their liability for money-stealing backdoors [ is ] fraud, and you can sue them everywhere in the world.

If the manufacturers do steal your coins, in order to accuse them of deliberate theft you will have to prove, first, that the source address of the fatal transaction was under your control at the time, and that the destination address was not. Perhaps you can do that with witnesses, or internet access logs, but it seems quite hard. (But, ok, that is a problem of bitcoin itself, not of Trezor.) Then you have to prove that you did not leak the recovery key words inadvertently. And then you have to prove that the destination address is under their control.

I assume their liability for a software bug is at the zero level.

On the contrary, a client who loses the coins that he kept in a Trezor may be able to sue the manufacturers for misleading advertising, even if they are innocent and the theft did not involve them directly.  (I haven't seen the Trezor warranty; I hope that they got the help of some smart lawyers, and thoroughly protected themselves from that risk.)  Of course the client would still face the problem of proving that the theft really occurred, as above.

Also, your statement that checking the software is not viable in practice is wrong. They use deterministic builds, so everybody can check that the software is what it is supposed to be. Also, the software is single-purpose, thus small, thus verifiable for backdoors.

As for checking the software, see my previous reply to another post. As for it being single-purpose hence simple, I have seen several posts here requesting all sorts of features and support for things other than bitcoin. I bet that the full source will soon have hundreds of thousands of lines of code. (The Brazilian electronic voting machine, which does not even connect to the internet, has over a million lines of C/C++ source code, not counting the operating system.)