[megous]

It allows easilly booting from external media, without involving any existing changeable SW on the phone.

Without HW mods, there's nothing some malware can do to persist itself in the device and prevent you from running exactly what you want and nothing else. You can just insert a known good uSD card, and the SoC will boot from it.

So you can conceivably use an OS from uSD card as an outside root of trust for verifying/reflashing the changeable parts of the phone.

Normally the trust is rooted in some fused keys and hopefully properly implemented bootloader, which seems inherently less trustworthy and much more complex.