They disregard the risk from the vendor because you are already using their hardware. The hardware has firmware already included which is proprietary, the hardware itself is proprietary, and hardware effectively runs as root anyways. You should already trust your hardware or you shouldn’t be using it. Linux-libre is a purity test, that is it. It is security theater which actually, definitely, really makes you vulnerable without doing anything meaningful. The only time it makes any sense is if you only use open source hardware.
You can trust hardware without trusting the vendor through auditing or analysis. In that case if you are aware of the hardware’s behavior then the additional blob updates are simply added uncertainty. Similarly if you are already aware of the security implications of the old blob and have appropriate countermeasures for it, then the new blob is also simply added uncertainty. The article notes this.