No, he does not simply describe reality, he goes further: accepts it as inevitable and only way of doing things.
This is the only point that I disagree with. All other things are perfectly valid, but sadly they assume the vendor holds the keys.
Practically all of the industry does it this way: vendor holds the keys. There are few exceptions, few and far between. Lennart dismisses them as non existent, unworthy of even a mention.
I use one such exception in the industry, and I hope they will grow, spread and the security model in which user holds the keys will dominate.