A basic rule to keep systems secure is: “install the latest security patches”. I wonder how /e/ plans to enable this.
The list of supported devices is growing and contains devices that are no longer supported by the manufacturer. In most cases this means there are no security patches for the low-level (mostly proprietary drivers and firmware) parts of the system. I consider this a reason to avoid those devices and specifically not recommend them to less technically-inclined friends.
The only way I see to deliver a reasonably secure device would be for /e/ to be the manufacturer and do it right.
addendum: Google released a list of devices that got updated recently. Everything that’s not on this list should not be used imho.