+1. This is actually a big concern to me as well (and should be for most IC developers).
If your dapp canister makes inter-canister calls to a token canister (as this official DEX sample code does), then you are at the mercy of the token canister. If the token canister is somehow malicious, then you may be unable to upgrade your dapp canister.
Even if the token canister isn’t malicious, I worry that infrastructure-level issues may prevent a subnet from sending messages to other subnets. This happened last November on subnet pjljw. If the token canister happens to be running on that subnet, then your dapp canister is, once again, non-upgradeable.
Has any progress been made since last November on this front? @JensGroth I wonder if you may know.