Open Source can also have bugs, and code should be verified and checked before installing.
that's why it's recommended since one can tell if there exist a bug when properly verified and corrections can be made.
The list must be well researched, you mentioned most, including some I am not familiar with. If am going to add then
Coldcard
Ledger but currently located a vulnerability they working on.
Safepal X1, S1 and the pro
Etc
You mentioned foundation passport is using Coldcard old code am curious why you didn't add Coldcard to your list.