[rdl]

Trezor is designed to protect against remote/logical attacks (including a compromised host). It isn't really hardware protected in any meaningful way against local access. This lets users inspect/validate their own hardware better, though.

The issue is most users (reasonably, IMO) assume physical protection for their hardware wallets, at least against someone getting temporary access and without insane levels of resources. That is fairly safe using a Ledger today (barring an undisclosed vuln); that's why I think the Ledgers are somewhat better.

[qertoip]

Exactly.

I would definitely pick Coldcard over Ledger though.

Coldcard is open source and open hardware to a much greater extent, while still using secure element for secret storage and PIN counter. It also offers advanced security features like proper multisig support, airgaped operation, roll-your-dice entropy input, etc.

[sneak]

I think people in practice buy these and use them thinking that they are secure against physical theft because of “encryption” and requiring a pin.

This shows that assumption to be totally false.

[literallycancer]

The attack doesn't work if you are using a passphrase. I'm not sure why they let people use a PIN in the first place, but you should never be using PIN instead of a passphrase.