Well, this post of yours will likely start a flamewar, but I’m on the side of you with ColdCard, primarily because it’s Bitcoin-only. “Open Source” means a lot of things, and I think it shouldn’t be exclusive to the GPL3 purist language. But the Bitcoin-only focus of ColdCard means it won’t try catering to the real fraudsters, the cryptobros. Hence, better security, EVEN IF there’s some level of code obscurity with ColdCard. Besides, ColdCard’s documentation is top notch in my book.