A much worse problem with this keyboard is that you almost cannot buy even regular MX-compatible keycaps for it, because the system76 people chose a really nonstandard physical layout. 1.5U Caps Lock, 1.5U Delete in the function key row, 1.5U Backspace in the number row, 1U backslash in the QWERTY row, 1.5U Enter in the ASDF row — these keycaps don't exist in most sets, except in some “40%” or ”ergo” addon kits (and even there you may not get the exact legend match for some of them, although for Caps Lock that may be a feature). 1.5U Shift is also really rare. So if you don't like the stock keycaps (which have the uniform XDA profile, and some people just don't like it), replacing them would be hard and/or expensive.

Unfortunately, system76 developers added exactly that functionality to their firmware: https://github.com/system76/qmk_firmware/commit/a1ab70c3a28a...

So it is possible to reboot into the firmware update mode just by sending some bytes to the raw HID interface. Apparently they did not think about the security aspect of this feature.

Would you mind creating a GitHub issue to track this on? We may decide to change the behavior before production

EDIT: I have created an issue here: https://github.com/system76/launch/issues/17

We do not intend for the production firmware to include any software reset to bootloader functionality. It will require a physical keypress (Fn+ESC)

And that API still works (just tested the example), which means that LiveJournal still stores MD5(password) in their database.