Everything you said is correct, but I specifically stated that my discussion of probabilities was only true if we accept that the layers of redundancy are in fact independent. You provided an example where they clearly are not independent, and your analysis is obviously correct for that example. But in the particular case of the new thrust reverser design, no one to my knowledge has been able to point to an event which would cause all three layers to fail. That doesn't mean there isn't one, it just means that this case, as far as we know, is closer to the probabilistic ideal than your example involving adding more crewmembers (something which is widely known to have diminishing returns).

There is also the case of TAM Airlines flight 402, which crashed due to a deployment of a thrust reverser, caused in part by a common failure which removed multiple layers of redundancy. It had a different thrust reverser locking logic than the 767's engines, so they're not directly comparable. But it is a good example of false independence, something which you rightly point out can exist, but which I also specifically acknowledged in the article.