That’s a fair consideration but I would make two points:
- for USB storage of this nature, it could be quite damaging if the firmware can never be updated but the content itself is updated by your attacker
- conversely, really it would be nice if neither the firmware nor the content can be updated for storage of this nature (initial install / live boot) - although that makes things slightly more expensive