And what if both FTDI themselves, and their official distributors are out of stock? This happens in the real world. A company needs a half billion units, and buy up all of the available "official" supply.
So, you buy from a "trusted" source, but who did they get it from? All it takes is one mistake in the supply chain, and now you have parts you think are genuine, but are fake. For some of these fakes, they're very hard to tell from the real deal.
You've now built a device with implicit trust between all of the components, and suddenly with a windows driver update, your device is now getting garbage data, which if you've designed your device well, just means that your device shuts down and does nothing. If you've designed it poorly, it does something completely unexpected and potentially dangerous.
Friends don't let friends buy FTDI.