That's completely false; allowing the execution of libre software doesn't worsen security, and the security-by-obscurity model doesn't improve it.
And if you agree about code signing, do you really believe that letting everyone see it, but then not allow anyone else to change it, is a good idea?
At least in the case where the code can be inspected, it can be checked for vulnerabilities, backdoors, etc.
That is better than nothing, especially if the vendor can be asked for a fix.
It does if I get temporary physical access to your machine and flash something that can spy on you, or if the method of flashing it can be done via your OS and I hack that. Those are two HUGE flaws.
Once physical access is gained, everything is over.