When we don't have oversight over the source code or the supply chain before the device gets to us, we should be cautious. The incentive to backdoor a device only increases with time.

No hate on the wallet manufacturers; there are some great devices out there.

I do think adding your own entropy into the seed creation process does provide some extra protection since you're not fully trusting the chip on the device and code to generate randomly.

You could also have 1 of your multi-sig created using an open-source device like your SeedSigner, or use Tails OS/Glacier Protocol to spin up a 3rd on a virtual machine.

No 100% perfect solution, but you have options; it's all about how much time and effort you're willing to commit to secure your stack.

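An added example, not part of the original note, of what mixing your own entropy into seed creation can look like: device randomness and dice rolls are hashed together, so the result stays unpredictable as long as either source is. It assumes a BIP39-style 256-bit seed and SHA-256 as the mixer; the function names, the 128-bit floor, and the sample rolls are hypothetical.

```python
import hashlib
import math
import secrets

MIN_USER_BITS = 128  # assumed floor for the user's own contribution


def dice_entropy_bits(rolls):
    """Upper bound on the entropy of a string of fair d6 rolls ('1'..'6')."""
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must contain only the digits 1-6")
    return len(rolls) * math.log2(6)


def mix_entropy(device_bytes, rolls):
    """Return 32 bytes: SHA-256 over length-prefixed device bytes and rolls."""
    if dice_entropy_bits(rolls) < MIN_USER_BITS:
        raise ValueError("need at least 50 dice rolls for ~128 bits")
    h = hashlib.sha256()
    for part in (device_bytes, rolls.encode("ascii")):
        # Length prefix keeps (a, bc) and (ab, c) from hashing identically.
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def bip39_indices(entropy):
    """Map 256 bits of entropy to 24 wordlist indices (0..2047) per BIP39."""
    if len(entropy) != 32:
        raise ValueError("expected 32 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0]  # first 256/32 = 8 bits
    bits = (int.from_bytes(entropy, "big") << 8) | checksum  # 264 bits
    return [(bits >> (11 * i)) & 0x7FF for i in reversed(range(24))]


if __name__ == "__main__":
    sample_rolls = "361425" * 10          # constructed sample, not real dice
    device = secrets.token_bytes(32)      # stands in for the device's chip RNG
    seed_entropy = mix_entropy(device, sample_rolls)
    print(bip39_indices(seed_entropy))    # look each index up in the wordlist
```

Run it only on an offline machine, and use physical dice for the rolls; the indices map to words through the published BIP39 wordlist.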