This feels more like a marketing document to me than a workaday threat model. It's fairly handwavey, and the goal seems to be to convince rather than to do a hardnosed analysis.
Not that it's not useful—I found it convincing—but I doubt this is what a real threat model looks like. Not that I actually know. I'd be interested in seeing a real one too.
Microsoft came up with DREAD and STRIDE and they suggest there threat models are more elaborate.
Would love to see more representative examples!