Agreed. It's why I have been pushing mfg's to use signed blobs for firmware and have their firmware check signatures to make sure it's not been tampered with. (Ideally at every "reboot" too...but just getting them to check blob signatures at update would be a huge improvement).
While this sounds exactly the opposite of "Free and Open Source", it's being honest that every desktop, tablet, and phone shipped today almost certainly has more than 5 firmware blobs running on something other than the host CPU. E.g.: eMMC/sata (controller and storage device), Wifi, Cellular, touch, EC, SMM, TPM, and then the world of USB devices: webcams, storage, Ethernet, printers, etc.