The SeedSigner model intentionally puts firmware verification responsibility on the user. Of course anyone can create a malicious firmware, for any signing device.