I treat mine (Max Lumi, about 3 years old now) as an insecure device. There are (very nearly) no account-based services on them (and occasional use of SSH roughly doubles that count), and that which I do use is to a pseudonymous service which ... I've soured on sufficiently that I use it little if any. The device is almost wholly dedicated to consumption, largely e-books, podcasts, and websites. That's a nonzero vulnerability surface, but it's pretty close to nil.
And for those purposes, the device is quite satisfactory.
My Boox is pretty crap. My use case is Libby for library books and the display refreshing and other things make it almost unusable. Feels super cheap, unsupported.
Wow. This is so different from my experience with my Boox. I like the add-ons they made to improve the Android UI for e-ink purposes, and every weekly update makes it better. Feels extremely well supported to me.