The biggest issue is still on the supply chain attack side. Vulnerabilities can be patched, but we still need a solution to receiving devices you know haven't been tampered with. Peter Todd talks about this at HCPP and argues in favour of using generic devices such as laptops bought with cash as offline wallets since they are less likely to be specifically targeted with key stealing malware in the supply chain.
One option would be encrypting the seed in RAM with the PIN and asking for it to be re-entered after the firmware update. This couldn't be the whole solution, since the PIN is too weak to serve as the encryption passphrase. But it would be a start.
You know, now that you say confiscated I'm reminded of border agents confiscating devices and imaging them. Almost certainly within their power to query a hardware wallet while being detained and checking the blockchain for suspicious transactions.