[squarefoot]

The key is "potentially" and from whom the risk of exploitation comes from. Having one closed driver instead of 20 makes the system statistically a lot less prone to exploitation by the usual malware writers, but if a government or any entity with enough power wants to take advantage of that weak point to install say a keylogger, their chance of success is 100% like it would be on a system that depends on 20 closed blobs.

And yes, Linux (and BSD) is also potentially insecure (or less secure if you prefer), which is the reason why the same effort who brought us a lot of quality Open Source verifiable software now should be directed towards obtaining also Open Hardware. We need to build a culture as we did with Open Source software so that people will understand the importance and associated risks.