True, but if these blobs are used only at initialization, and only to provide instructions to the hardware, then there is little difference between this and “burned-in” firmware. This is why FSF for instance has a somewhat relaxed attitude towards this kind of blob. (I’m assuming the blobs in question fall into this category.)
It would still be worthwhile for a skilled reverse engineer to analyze the blobs for potential issues. Personally I’d welcome an organized effort to poke at widely used blobs, firmware, etc to certify them as “safe enough”. Would happily donate to something like this if it had trustworthy people behind it!
IMHO silicon errors (or even bugdoors) are more of a risk than this type of blob.