Yes it does matter is the company is subject to US law or not. There is not 100% security but saying “it does not matter” is manichean and does not reflect reality. Yes the US have a very long arm but it’s all a cost/benefit even for three letter agencies.
Every time they make use of a zero day or a backdoor they run the risk of it being discovered. The harder it is to get a new one, the more they will think twice about using it for mass and low stakes surveillance. A non-US company will be less inclined/forced to cooperate with them, making it harder for them to siphon data out, hence lowering probability.
No one is 100% safe, agreed though. Probabilities and threat models is all we got.
Every time they make use of a zero day or a backdoor they run the risk of it being discovered. The harder it is to get a new one, the more they will think twice about using it for mass and low stakes surveillance. A non-US company will be less inclined/forced to cooperate with them, making it harder for them to siphon data out, hence lowering probability.
No one is 100% safe, agreed though. Probabilities and threat models is all we got.