I saw it. It's not necessary if the process that maintains the reverse connection can just start it as needed.
That said, some actual investigation of that supposed binary would have been a strong support for this whole thing, and indeed an evidence for this theory, so I will give you that.
If the bed requires going through some kind of production endpoint interaction in order to set up the remote connection (as is most likely the case), then his claim that any engineer can connect to any bed is simply false, and this is no more of a security hole than the idea of having a cloud-connected bed which is updated OTA in the first place.
