What good is all this super reliable gold-standard encryption when its provider has shown to be so incredibly careless with the exact sort of information this solution is meant to protect?
Whatever security goals they claim to pursue exist only in their marketing copy.
The point of good randomness is to keep other people from just directly draining your funds by breaking your key. That has nothing to do with any data held by Ledger, since they never see your key.
The data leaks don't affect that, though they're still a serious problem since they exposed customers to different sorts of attacks.
Properly operating/securing a web shop and developing a secure embedded device are two pretty different skill sets, and I'm quite impressed with the quality of their security team's research concerning the latter.
Of course they should be doing both, but there's an easy, pragmatic workaround until then: You can just buy their devices on Amazon. (This does somewhat increase the chance of supply chain attacks, but that's always present, and I believe Ledger devices support hardware attestation in addition to tamper protection.)
Whatever security goals they claim to pursue exist only in their marketing copy.