You would be right if you only considered this comment without the context. But the context is what quoted by @Caliga above:
Without a possibility to update firmware, you can end up with an insecure device if any bugs are found in it. Thus even a promise of a “secure” device would not be fulfilled in such case.