You can even mitigate the vendor attack vector by using multisig. As long as no vendor has quorum, you can be fairly sure you’re protected. It’s unlikely that multiple vendors will have vulnerabilities at the same time that are exploitable by the same party.