
"I downloaded the firmware and I found an SSH key and a configuration file that mentions an SSH endpoint; therefore, I know that all of Eight Sleep’s engineers are allowed to remotely SSH into every customer’s bed and run arbitrary code!"

Do you not see a problem with this line of reasoning? That's literally what he says in the article, and he presents it as a near-certainty, not the wild leap of unsupported reasoning that it is.




Is your argument that there may be an internal policy which restricts access to the private key to a subset of engineers?



