When you can figure out how to setup a foss secure boot implementation with verified boot, then maybe I'll consider your input on bootloader security worth considering.
Until then, I don't think it makes sense to continue this discussion. I assume you'll claim it isn't possible, but anyone who expends the slightest effort will see how far from reality that is.
Round and round we go....
Your setup is less secure. Period.