Unless they love me, why should I trust them.

your weak secure element is also a security hole

A cold card is a “trusted third party”, no?

nostr:nevent1qqspghr0h35ezdzytrvapw8hvy0s6g5g5ytwpg9lgh6ex2pglau0usqppemhxue69uh5qmn0wvhxcmmv0ackm2

Non-Open Source Software like your Coldcards are a security hole.

If baffles me how many "smart developers" don't understand this.

1. Introduction