Small problem though
Something drew my attention: The article mentioned the possibility of reprogramming the firmware to ignore the password. That's the big(gest) problem IMHO.
If you can change the firmware to tell the drive not to ask for a password but just go on and decrypt everything as requested, it really doesn't matter if the password used is user-set or just "1234".
On the other hand, if the drive doesn't actually know the password unless you give it to it, it shouldn't matter if it is directly user-set or a longer password protected by the user password. Firmware, no matter what you program it to, wouldn't be able to access the data on its own.
Did I miss something?
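Added example, not part of the original comment: a toy Python model of the two designs the comment contrasts, showing what a skipped password check yields in each. The class names, the `firmware_checks_password` flag and the XOR wrap (standing in for a real key-wrap algorithm) are assumptions made for illustration, not any vendor's implementation.

```python
import hashlib, hmac, os

def kdf(password: str, salt: bytes) -> bytes:
    # 64 bytes: first half wraps the DEK, second half authenticates the blob.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000, dklen=64)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class GatedDrive:
    """Hypothetical design A: the DEK sits in the clear; the password is only a gate."""
    def __init__(self, password: str, dek: bytes):
        self.salt = os.urandom(16)
        self.dek = dek                      # firmware can read this at any time
        self.verifier = kdf(password, self.salt)

    def unlock(self, password: str, firmware_checks_password: bool = True):
        ok = hmac.compare_digest(kdf(password, self.salt), self.verifier)
        if firmware_checks_password and not ok:
            return None
        return self.dek                     # modified firmware skips the gate

class WrappedDrive:
    """Hypothetical design B: only a password-wrapped DEK is stored."""
    def __init__(self, password: str, dek: bytes):
        self.salt = os.urandom(16)
        k = kdf(password, self.salt)
        self.wrapped = xor(dek, k[:32])     # XOR stands in for a real key wrap
        self.tag = hmac.new(k[32:], self.wrapped, "sha256").digest()

    def unlock(self, password: str, firmware_checks_password: bool = True):
        k = kdf(password, self.salt)
        ok = hmac.compare_digest(hmac.new(k[32:], self.wrapped, "sha256").digest(), self.tag)
        if firmware_checks_password and not ok:
            return None
        return xor(self.wrapped, k[:32])    # wrong password gives a wrong key

if __name__ == "__main__":
    dek = os.urandom(32)                    # constructed sample key
    for drive in (GatedDrive("user-pw", dek), WrappedDrive("user-pw", dek)):
        out = drive.unlock("guess", firmware_checks_password=False)
        print(type(drive).__name__, "check bypassed, DEK recovered:", out == dek)
```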