Absolutely! I just read today that Apple ditched an plan for encrypted cloud backups due to pressure from the FBI which just goes to show that user privacy / data confidentiality isn't paramount with these Big Tech companies.

Yes, nCipher is a decent sized company but, due to the design of the HSM, this is not so much as issue w an appropriate security world configuration.

For example, you can configure it to require a hardware token(s) to initialize the key via the HSM. In this setup, there is no amount of reverse engineering of the HSM that could produce the key.

No token, no joy.

This, of course, can be a double edged sword if one manages to lose required the card set for quorum. This is how 2 person integrity is established.

Let's say you have 2/4 cards quorum for the admin cardset. Well if your org happens to lose 3 or those cards for whatever reason. You're basically hosed and all that is left to do is pray the operator cards hold ip until whatever service / app can be transitioned to a new security world.

In such a situation, even the vendor will not be able to help recover the key and that's by design.

TL;DR: HSM requiring multifactor to access private key minimizes risk of backdoors.