Perhaps the malicious firmware and/or supply chain attack is more relevant given what you said.

So for example, you use a single sig HWW and it has malicious firmware (either malicious firmware directly from manufacturer, supply chain attack or malicious update). You set up the wallet with a passphrase. However, due to the malicious firmware, it does not 'respect' the passphrase randomness when generating the seed so private keys are known to the attacker.

You have no idea about this and therefore you use the receive addresses shown on both your HWW and computer screen to sweep your life savings or to receive payments, etc...

At some point down the line, attacker sweeps the wallet because they always knew the private keys.

I know there are ways to verify your seed creation using 3rd party software. So for example, do your 100 dice rolls and input into cold card and using another method, and now compare the seed words that are generated to ensure that a pre-determined seed wasn't given to you by the cold card. I just assume 99% of users wouldn't do this.