We've known about this vulnerability in ledger's "recover" feature forever. It's something I've been talking about for a long time. If you use a custodian to secure your keys they can be subpoenaed and will comply. This is why I'm advocating for legal products where the quorum of keys if held with other custodians includes your own lawyer and where the custodians don't know who eachother are.