[pfg]

> The risk now is that some firmware version is discovered to have flaws, and that device is vulnerable forever.

This happened last year and they offered free replacements for affected users[1].

[1]: https://www.yubico.com/2015/04/yubikey-neo-openpgp-security-...