
There's a third possibility, and I think it's Stallman's ideal computing landscape: all users care deeply about the code running on their machines and they are competent in applying and vetting patches, building from source, etc. It's unrealistic, sure, but it sounds nice right about now.


I think back when he posted it, it might have been possible for sufficiently motivated and talented individuals to do such vetting, albeit even then it would have been a stretch. Nowadays the amount of code running on various devices in a single home has increased so dramatically...

Think of TV remotes. They used to work with infrared. Nowadays, there are Bluetooth remotes (not sure how widely deployed they are, but at least some vendors offer them instead of IR remotes). An infrared device can be send-only. No way to hack it even if you have an infrared sender in range. The pattern transmitted was quite simple. The Bluetooth protocol, however, requires both sending and receiving ability. The Bluetooth stack is in the tens of thousands of lines range. There will be a security bug somewhere...


This TV remote example clearly gets to the point: What do you think is more likely, a malicious hacker driving a van and parking in front of your house? Just to exploit the TV remote via Bluetooth, a device that has no sensitive data, is not connected to the internet and can only be used to make TV inputs like switching channels? Or rather that your TV vendor like Samsung or LG decides one day to offer a firmware "update" that will log what you watch on the TV, upload a screenshot of the device and installed apps to the cloud and sell to 3rd parties? My bet is on the latter, and it exactly makes the point that auto-update is more dangerous than having a security flaw in a Bluetooth TV remote.


I agree it's unrealistic, but I think Stallman and many others like him would rather forgo the benefits of a Bluetooth remote than embrace the status quo.

OpenBSD, for instance, was recently discussed on here for dropping a Bluetooth stack over concerns about the correctness of the implementation, and no one has bothered to write a better one.


I don't think it was ever Stallman's point. He is smart enough to recognize most users aren't going to be technically competent.

He's also smart enough to recognize that most people are going to have someone technically competent in their circle of friends, or within a few minutes' walking distance. So people need a set of rights that will allow them to ask or hire someone else to care for their computing. In this sense, Free Software is like Right to Repair - it isn't about making individuals technically competent; it's about enabling local markets of specialists.


Not everybody needs to do that, but then you need to rely on people you can trust. Of course we already do that to some extent in app stores: I don't install something from unknown developers that requires all sorts of permissions it shouldn't need, I do install from developers I think I can trust. But if I don't trust them, I lack the ability to inspect their code. That's indeed the big thing that's lacking.



