Does it really change anything? You can still modify the implementation contract at any time, reintroducing the mint() function or other potentially malicious methods.
Essentially, the proxy pattern would need to be eliminated to fully address such concerns. However, that would require a token migration, which doesn’t seem worth it at the moment. It’s better to focus efforts on product development and improvements instead)