The “insecurities” of the Librem 5 have been brought up numerous times and I don’t feel much has changed other than the lack of updates (for now). One of the GrapheneOS devs has been critical of Linux phones for some time: https://madaidans-insecurities.github.io/linux-phones.html
This is Kyle Rankin’s (former Purism President and security officer) response to it: https://forums.puri.sm/t/librem-5-pureos-ridiculously-insecure/10173/10.
Here is Joao’s take on it (Purism support technician, not Purism’s official stance): https://forums.puri.sm/t/librem-5-pureos-ridiculously-insecure/10173/21.