I don't think it's any secret that the device can unintentionally activate in certain circumstances (and whether or not that's due to it thinking it heard its name is another debate)... but my problem with OP's statement is that they seem to frame it as if it's intentionally and maliciously listening more often than it should, and I just don't see any evidence to support that claim.
What I'm saying is that intentionality doesn't have to be relevant to this discussion. All you need to do in order to be maliciously spying on someone, given that you have this bug in the first place, is to
1) not fix the bug
2) quietly remove the option to opt out of remote processing
and then all of a sudden you've got a situation where of course no one is actively spying because We Would Never(tm)(c)(r) but there's a really reliable pipeline by which recordings of me talking to me family in my home end up on a remote server somewhere where they're used to train AI and maybe even automatically scanned for certain keywords that might indicate that I'm some sort of troublemaker and need flagged for additional "attention". It's a plausibly-deniable panopticon. In fact having it activate by purposefully unremediated mistake rather than by keyword makes it a better spy. You can discover a list of keywords and avoid them but ambient noise causing the device to randomly sample and exfiltrate recordings means you can never know when you're being recorded and thus have no choice but to always act like you're being recorded, just in case.
