You're welcome!
I see what you mean from the end user's perspective.
Vendors can generally make the process of firmware updates more secure and more explicit/transparent. For example, they can clearly label which firmware releases have critical security fixes (and well-maintained projects usually do so) and which ones do not. From there, it's up to the user to decide whether to upgrade.
About things that you don't strictly need but want to experiment with: as I mentioned in the article, that is fine, but IMO you'd want to use a separate device for that. Have it as your sandbox: put a small amount of bitcoin in it and try things out. But isolate it from your main savings as much as possible.
Unless a firmware release has critical fixes, you want to delay upgrading until it has been widely deployed. You want to do this not only because it lowers the chance of accidentally installing malicious firmware, but also because (a) newer firmware might have bugs and (b) many vendors disallow firmware downgrades, which makes the process irreversible.
So on balance there are things vendors can do to make things easier, but there's a certain responsibility on the part of the user that I think is unavoidable. It might be more burdensome than, say, upgrading Linux, sure, but IMO that's the cost one has to pay if one truly wants to be sovereign. After all, securing generational wealth is more critical than maintaining your typical OSes/applications.