Very similar to my proposal for attack in my original argument. The "recovery" method being the back door:
Backups and recovery
You probably are saying by now, the ability to recover your keys is built into the hardware wallet. That being the case means you are now trusting the hardware vendor with your private keys instead of an exchange or your computer. Think about this, if you can recover your private keys from my server after loosing your device, are they really YOUR "PRIVATE" keys? The answer becomes no, you just are trusting the hardware wallet vendor instead of your exchange or another third party!