Yeah you could defs use a passphrase, lol will tackle that one in a different article though since its pretty easy to F up a passphrase since most people won't understand thats like creating an entirely new wallet 

TheBTCManual

bitcoin

The Achilles Heel of BTC Hardware Wallets

I appreciate the paranoia, but is it actually possible for an MCU to leak parts of the private key on a Coldcard? This data would be detected by both the firmware and Sparrow?

Also, article didn't mention the most simple extra security layer: Add a passphrase since that's not stored on the HW.