How do we know the device (BlueWallet, Passport, etc.) wouldn't transfer the seed off itself using a QR code?
Just verify the QR codes. Generate a PSBT using the wallet application (in your example, BlueWallet), decode it and verify that it's just a PSBT.
Then take the signed PSBT QR code from the Passport and do the same.
I am repeating myself, but for maximum paranoia-security, you can read through Passport's firmware codebase, notice that it doesn't add any data except the signed PSBT to the QR code, then build it yourself, add your developer key into the Passport and flash it with your built binary.
This guarantees you that it's not doing anything dodgy.
Keep in mind, the application (BlueWallet) can't really 'leak' anything through the QR code anyway, as you only scan it with the hardware wallet. The hardware wallet always 'knows more' (the seed phrase) than the app, so there's nothing to be leaked in that direction.
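A structural check of the kind this answer describes, added here as an example (it is not BlueWallet's or Passport's code): it parses the QR payload as a BIP 174 PSBT, walks the global, input and output maps, and reports any record whose key type is not one documented in BIP 174/370 (where smuggled data would have to sit), as well as any bytes left over after the last map. The sample PSBTs are constructed, and the base64 handling assumes the QR carries a base64 PSBT rather than UR fragments.

```python
import base64
MAGIC = b"psbt\xff"
KNOWN = {"global": {0, 1, 2, 3, 4, 5, 6, 0xFB},   # key types documented in BIP 174/370
         "input": set(range(0x18)), "output": set(range(0x08))}   # 0xFC (proprietary) is never "known"
def varint(buf, pos):   # Bitcoin CompactSize integer -> (value, next_pos)
    n = buf[pos]
    if n < 0xFD:
        return n, pos + 1
    w = {0xFD: 2, 0xFE: 4, 0xFF: 8}[n]
    return int.from_bytes(buf[pos + 1:pos + 1 + w], "little"), pos + 1 + w

def read_map(buf, pos):   # one <keylen><key><vallen><value>... map terminated by 0x00
    entries = []
    while True:
        klen, pos = varint(buf, pos)
        if klen == 0:
            return entries, pos
        key, pos = buf[pos:pos + klen], pos + klen
        vlen, pos = varint(buf, pos)
        entries.append((key[0], buf[pos:pos + vlen]))   # key[0] is the key type
        pos += vlen

def tx_counts(tx):   # (inputs, outputs) of the unsigned non-witness tx under global key 0x00
    n_in, pos = varint(tx, 4)                  # skip 4-byte version
    for _ in range(n_in):
        slen, pos = varint(tx, pos + 36)       # skip 32-byte txid + 4-byte vout
        pos += slen + 4                        # skip scriptSig + sequence
    return n_in, varint(tx, pos)[0]

def audit_psbt(raw):   # -> {'inputs', 'outputs', 'suspicious': [(section, key_type), ...]}
    raw = base64.b64decode(raw) if isinstance(raw, str) else raw   # QR text is a base64 PSBT (assumption)
    if not raw.startswith(MAGIC):
        raise ValueError("not a PSBT (bad magic)")
    glob, pos = read_map(raw, len(MAGIC))
    n_in, n_out = tx_counts(next(v for t, v in glob if t == 0))
    bad = [("global", t) for t, _ in glob if t not in KNOWN["global"]]
    for name in [f"input {i}" for i in range(n_in)] + [f"output {i}" for i in range(n_out)]:
        m, pos = read_map(raw, pos)
        bad += [(name, t) for t, _ in m if t not in KNOWN[name.split()[0]]]
    if pos != len(raw):
        raise ValueError(f"{len(raw) - pos} trailing bytes after the last map")
    return {"inputs": n_in, "outputs": n_out, "suspicious": bad}

# Constructed sample: 1-in/1-out unsigned P2WPKH spend with empty input and output maps.
_TX = (b"\x02\x00\x00\x00\x01" + b"\x11" * 32 + b"\x00\x00\x00\x00\x00\xff\xff\xff\xff"
       b"\x01\xe8\x03\x00\x00\x00\x00\x00\x00\x16\x00\x14" + b"\x22" * 20 + b"\x00" * 4)
_GLOBAL = b"\x01\x00" + bytes([len(_TX)]) + _TX + b"\x00"
CLEAN = MAGIC + _GLOBAL + b"\x00" + b"\x00"
# The same PSBT with a proprietary (0xFC) record smuggled into the input map.
SMUGGLED = MAGIC + _GLOBAL + b"\x07\xfc\x04test\x00" + b"\x03abc" + b"\x00" + b"\x00"
```

Run `audit_psbt()` on the decoded QR text from both the app's unsigned PSBT and the Passport's signed one; a clean result has an empty `suspicious` list and no trailing bytes, while a proprietary or undocumented key type is exactly the place a reviewer should go and read.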
All in all, their recommendation was to make your own VPN using something like WireGuard or OpenVPN. Something similar, like a DIY hardware wallet, would work too, provided that it's made easy for people to assemble pieces of hardware and firmware together.
It's easy to make DIY hardware signing devices with a Raspberry Pi Zero, or with cheap M5StickV or Maix Amigo devices.
Nothing would connect you with Bitcoin and maybe you could purchase them in your local electronic shop.
Let's always remember though, that open-source and DIY does not guarantee security of the codebase. It's possible / plausible that especially a newer, smaller DIY project with few, non-monetarily-motivated developers has had less 'eyes on the code' and fewer professional penetration tests against it than a commercially developed and sold product.