yes but how can you quantify that risk in order to KNOW how big or small it is ? just by looking at the number of blobs in your device ?
i was referring to the fact that we don’t HAVE enough evidence to INCRIMINATE anybody for anything at this point … other than what i said above there is no EXACT measure of what it is we’re dealing with …
isn’t risk the domain of insurance agencies ? oh wait - 
just had a revelation 
I would say the risk is “quantified” based upon the job the blob performs and what hardware it has access to. A RAM controller is more risk than, say, a videogame controller driver. Besides, there’s something to be said for someone who says “Look at this code and see that it isn’t doing anything nefarious.” versus “It’s cool, and always will be. Trust me.”
There’s no way to quantify it at all, that’s kind of the point of blobs: there’s no way to inspect them.
There is enough evidence to incriminate a lot of people though, but that would make it seem that there is a need to incriminate anyone. At that point it becomes a matter of who did what, and no longer about software.
The premise is that binary blobs are bad, because it provides a way to cloak unwanted behaviour. There are numerous cases where this had happened, think of keyloggers hidden in drivers and companies like microsoft apple harvesting data through hidden services. A lot of abuse has already been proven and mentioned, but as mentioned “privacy” is a software thing.
There is no reason why free software enthusiasts should have an “exact measure” of how much abuse is going on because of proprietary software/binary blobs. The point to get from it is that it’s harmful for privacy and transparency.
You shouldn’t have to take someone’s word for what an application does, you should have to be able to find out for yourself. If software restricts your ability to ability to do that, it will automatically become worse than an identical application that doesn’t.