Unrealistic. Not everyone is technically savvy enough to download firmware updates from a website just to put on a USB stick. It’s intimidating to users and takes too many steps thus making it an inconvenience to the customer. Users much rather just call up a number and have a tech fix it remotely.
Additionally, it takes time for firmware updates that contains fixes to get uploaded to a website, so it would really piss users off to have an inop device in the meantime. Much easier and faster to call up a tech and have them fix it remotely.
Also, USB sticks would require the user to get to a computer, which they may not have, and the manufacturer would have to install a USB port on the device itself. I see your point from a security standpoint, but I can’t see a manufacturer spending more on a slower, user-error prone, and in many ways outdated, tech just for the sake of security and privacy