It's worth pointing out that this was disclosed to Ledger a few months ago, and so it has already been fixed. You can see their response here:
https://donjon.ledger.com/lsb/013/If you already have a Ledger Nano X, the most recent update fixes this vulnerability, and all new Ledger Nano X devices produced have the debug interface disabled.
I also think the "Rubber Ducky" attack is a bit of a non story. A malicious third party could open a Ledger Nano X device (or literally any piece of USB hardware in existence, from a webcam to a keyboard to a flash drive to a mug warmer) strip out the internals, leave behind a BadUSB-type device, and close it back up again. As long the casing looks intact, most users would plug the device in without a second thought, and therefore fall victim to the attack.