That is correct. Storage by definition is persistent memory. But, BUT, the storage is in a format which is easily auditable to the end-user or virus-checker program. You can reformat/reinstall and start over. Show me how that's possible with undocumented storage (e.g., EEPROM, CMOS, FLASH, microcode updates, on-CPU storage, etc.) Once you've got undocumented persistent writable memory holes, neither end-user nor virus-checker can audit them. You're basically at the mercy of the code written by the vendor, or whoever figures out how to shove unwanted stuff there. Also, you can write protect your cassettes and floppies, and be fairly certain that your wishes will be respected. Can you do that with undocumented persistent memory locations in your Chipset/Motherboard/CPU/PC? Do you even KNOW about undocumented persistent memory locations in your Chipset/Motherboard/CPU/PC? And... are you sure? How sure? You see how far the rabbit hole goes?

That's basically what is proposed in this paper except with a USB stick or SD card instead.

Other than the Apple IIe floppy (I think, it has been a bit), cassette or floppy did not boot with the machine and had to be loaded.