I have the impression you think the article is criticizing the mere existence of firmware. But I think it is not, and I believe that even the author would agree with you that it is not a fundamental cellphone issue, but just existing issues with many (most?) implementations out there.
After security firm CrowdStrike discovered a virtual machine security flaw that could (in theory) put millions of data centers at risk for malware attack this week, the comparisons came on hot, sticky, and thick. It was Heartbleed, all over again.....but this time, even WORSE.