I think the intention is that the key itself is somewhat tamper proof and the delivery also requires secure communication between Purism and the customer.
So the really bad guy needs also to tamper either with the communication in transit or with one or both ends of the communication. If the really bad guy is tampering with the Purism end of the communication then in the worst case, you effectively can’t trust Purism and the anti-interdiction will fail. If the really bad guy is tampering with your end of the communication then you are probably toast already (for example, how do you even know that you are buying the device from Purism?). It is assumed without proof that the really bad guy can’t tamper with the communication in transit.
You could collect the key in person?
Creating that ongoing dependency is probably not ideal. Who knows what unsightly legislation might be created in the future?
In addition, you are assuming that internet connectivity is available - which may conflict with the use of the kill switches but is in any case problematic.