He also seems to be throwing in unrelated concerns and just glossing over the details that bring their relevance into question - consider this paragraph

Browser extensions, mobile, and desktop apps also implement logic to attack users by regions and based on their political views. Nowadays, there are many teams who buy popular apps and browser extensions to inject malware. I have a blog post about it.

You’re not going to be able to identify whether a developer might do a deal that compromises a library you use based on their political stance - it’s an entirely unrelated threat vector to his core thesis (and even his own related blog post recognises this, discussing how developers of browser extensions are sometimes tricked into including malicious code - something that is even less related to their political beliefs than their willingness to take a bribe or payout.

Actually, it still is relevant because custom ROMs often incorporate driver and security updates to the base ROM.

I know Graphene recommends against the out-of-support Pixels for this reason.