the "persistent component that doesn't automatically update itself" that tptacek was talking about is the software used to generate keys, do encryption etc.
the safe alternative is that each user has to go find and install reliable third party software themselves. this is already possible with gpg et al and it is not used.
so instead someone needs to package the crypto code. and as soon as you do that, if there's any kind of update process, the code package can be forced (apparently) to modify the code to leak information.
so sure, you can do this securely. it's already possible, but it's not popular. and anything easy enough to be popular appears unreliable.