I can't find the link right now, but their reasoning was that most secure element chips use proprietary code, and one has to sign an NDA to even access the documentation, which goes against the whole idea of open source. They also said they evaluated a few chips and found vulnerabilities, but were unable to disclose because of those NDAs. Apparently they found a fully open source chip. They reference the openness concerns in this article: https://trezor.io/learn/a/secure-element-in-trezor-safe-3 . 

 Thank you, that’s incredibly helpful! Always curious to know more about these different decisions and their tradeoffs (especially when recommending one device over another to someone). Thanks again!