This is possibly true (though I'd be surprised if they didn't have serious precautions in place to prevent a total firmware brick, even fairly cheap electronics are difficult to really brick these days, with multistage/multipartition bootloaders and such).
However, given the amazingly large amount of costly meatspace work they would cause themselves by sending out an OTA that bricks cars, I'm sure they are well motivated to avoid that possibility.
