I disagree that the “caveat” can be omitted and is small. The majority have to trust the community and not the manufacturer, because with the available schematics, it’s sufficiently simple to verify the hardware. It makes a huge difference, because now your threat model can switch from “this hardware might be designed to listen to everyone” to "my hardware might be modified specifically to listen to me*! This is a huge difference with a much lower probability and much higher cost for the attacker. In practice, it means that the majority of people don’t really have to trust anyone at all, since a targeted attack against them is extremely unlikely.