I beg to differ
also records the last known “safe Android version,” and blocks attackers from trying to downgrade a device to an older and less secure version.
Google opinion of last safe may not equate to mine and I may want to downgrade to deal with regressions or them outright crippling the device deliberately so it is no longer usable. An example here would be they way they broke the original Nexus 7 upgrading from Android 4.x to 5. They broke a perfectly viable (by those days standards) device and refused to admit to it for half a year.
The few survivors of that upgrade had to "assemble" a viable bootloader + OS load from the older images floating online. I remember spending half an afternoon extracting images pulling the bootloader out of them and flashing different combinations.