I sort of suspect that everyone's analyzing the wrong layer, here.
I'll call everyone's attention (back) to "Reflections On Trusting Trust", Ken Thompson's seminal ACM paper on an *actual* attack, albeit an internal, corporate one. (Yes, it really was; someone quotes here http://groups.google.com/group/sci.crypt/msg/9305502fd7d4... my message quoting Thompson saying so, 15 years ago.)
The underlying point is: it doesn't make any sense to have the degree of security of the various layers of your stack *out of sync*; the weakest one is the one people will attack. Well, at least "successfully". You always find the keys (pun entirely intentional) in the last place you look... because you stop looking, then.