I couldn’t find any technical details about Thetis, so can’t comment about it’s security level.
Our Nitrokey FIDO2 is based on Solokey. Hence Nitrokey FIDO2 uses a STM32L4 and we plan to add an OpenPGP Card feature in the future. Compared to JavaCards STM32L4’s side channels resistance and tamper protection are low. However, the recent publication in this field targeted STM32F1.
Whether a PIN is requested or not depends on the actual website to be used and is nothing the device vendor can decide.
Also we produce locally in Germany so that we have better control to avoid supply chain attacks.