(I mentioned PFS and CP because I perceive them as paradigmatically analogous to the threat model I described - suppose that not ALL of DDG's queries are MITM'd, and yours weren't when you first connected, but you're afraid of the NSA MITMing the queries coming from your connection starting at some date after you made your initial connection to DDG's server, when they start targeting you. If you trust the initial connection, then CP prevents that. Or, again, post facto to you starting to use DDG, the NSA could obtain DDG's SSL private key and decrypt your queries, but if you use PFS, then this is mitigated.
So in each case, it seems, whatever trust you have in the initial transaction -- be it an SSL cert presentation, the particular SSL sessions based on it, or just the purchase of your hardware -- being malice-free, then in each case the pinning/PFS/lack of remote patching abilities guarantees the extension of this trust indefinitely, and prevents the other party from going back after the fact and screwing you; it locks the trust in, so to speak.)
(I realized after typing this that I actually have no idea what specifically remote chipset patching refers to or how it's performed, but I assume that it's what it sounds like.) :-/
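The two "trust lock-in" mechanisms the comment above leans on, certificate pinning and forward secrecy, can be made concrete in a short simulation. The following is an added example, not code from the commenter or from DuckDuckGo: it uses a toy 127-bit Diffie-Hellman group (real deployments use 2048-bit-plus groups or elliptic curves), a pin store that is a plain dict, an HMAC keyed by the server's long-term secret as a stand-in for a real signature, and host/key names that are invented for the demo. The first half shows trust-on-first-use pinning rejecting a key swapped in after the initial connection; the second half compares a static key agreement (the server's long-term key enters the session secret, as with TLS RSA key exchange or static DH) against an ephemeral one, and shows that an adversary who records the traffic and later steals the long-term key recovers the session key only in the static case.

```python
import hashlib
import hmac
import secrets

# Toy Mersenne prime 2^127 - 1 (assumption for the demo only; far too small for real use).
P = (1 << 127) - 1
G = 3


def keygen():
    """Return a (private, public) Diffie-Hellman pair in the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def kdf(shared: int) -> bytes:
    """Derive a session key from the raw DH shared secret."""
    return hashlib.sha256(b"toy-session-key" + shared.to_bytes(16, "big")).digest()


def fingerprint(pub: int) -> str:
    """Pin material: a hash of the presented public key (like a SPKI pin)."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()


class PinMismatch(Exception):
    pass


def connect_with_pinning(pin_store: dict, host: str, presented_pub: int) -> str:
    """Trust-on-first-use: pin on the first contact, enforce the pin afterwards."""
    fp = fingerprint(presented_pub)
    if host not in pin_store:
        pin_store[host] = fp          # the initial, trusted connection locks the key in
        return "pinned"
    if pin_store[host] == fp:
        return "ok"
    raise PinMismatch(f"{host}: presented key does not match pinned key")


def static_dh_session(server_long_term, client_eph):
    """No forward secrecy: the server's long-term key is part of the shared secret."""
    _, server_pub = server_long_term
    c_priv, c_pub = client_eph
    session_key = kdf(pow(server_pub, c_priv, P))
    transcript = {"client_pub": c_pub}     # what a passive eavesdropper records
    return session_key, transcript


def ephemeral_dh_session(server_long_term, client_eph):
    """Forward secrecy: a fresh server key per session, authenticated by the long-term key."""
    lt_priv, _ = server_long_term
    e_priv, e_pub = keygen()               # fresh per session, discarded on return
    tag = hmac.new(lt_priv.to_bytes(16, "big"), e_pub.to_bytes(16, "big"), "sha256").hexdigest()
    c_priv, c_pub = client_eph
    session_key = kdf(pow(e_pub, c_priv, P))
    transcript = {"client_pub": c_pub, "server_eph_pub": e_pub, "auth_tag": tag}
    return session_key, transcript


def later_compromise(stolen_long_term_priv: int, transcript: dict) -> bytes:
    """Attacker with a recorded transcript and the server's long-term private key, obtained later."""
    return kdf(pow(transcript["client_pub"], stolen_long_term_priv, P))


def demo() -> dict:
    pins = {}
    ddg_key = keygen()
    mitm_key = keygen()                    # a key the attacker substitutes on a later connection
    results = {}
    results["first_connection"] = connect_with_pinning(pins, "example-search.test", ddg_key[1])
    results["second_connection"] = connect_with_pinning(pins, "example-search.test", ddg_key[1])
    try:
        connect_with_pinning(pins, "example-search.test", mitm_key[1])
        results["mitm_rejected"] = False
    except PinMismatch:
        results["mitm_rejected"] = True

    client = keygen()
    k_static, t_static = static_dh_session(ddg_key, client)
    k_eph, t_eph = ephemeral_dh_session(ddg_key, client)
    stolen = ddg_key[0]                    # the NSA-gets-the-private-key-later scenario
    results["static_recovered"] = later_compromise(stolen, t_static) == k_static
    results["ephemeral_recovered"] = later_compromise(stolen, t_eph) == k_eph
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The ephemeral transcript still lets the attacker verify (or, with the stolen key, forge) the authentication tag, which is exactly why pinning and forward secrecy address different halves of the comment's scenario: forward secrecy protects sessions already recorded, pinning detects the active substitution of a new key going forward.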