There are real risks of compromised hardware. The chips are so complex that it is possible to sneak in some spyware. So we either need better trust in suppliers or algorithms that are resistant to being spied on. Neither is a simple matter. We've seen recent news on whether Huawei can be trusted to supply 5G equipment for the UK.
I am no encryption expert, but I understand there are quantum-resistant algorithms. You can make them memory intensive.
For opinions on security I tend to rely on less sensational people like Bruce Schneier and Steve Gibson, but some of the stuff they talk about is scary enough. We have billions of non-technical people relying on their gadgets with little idea of what is possible.
Absolutely! I just read today that Apple ditched a plan for encrypted cloud backups due to pressure from the FBI, which just goes to show that user privacy / data confidentiality isn't paramount with these Big Tech companies.
Yes, nCipher is a decent-sized company but, due to the design of the HSM, this is not so much an issue with an appropriate security world configuration.
For example, you can configure it to require a hardware token(s) to initialize the key via the HSM. In this setup, there is no amount of reverse engineering of the HSM that could produce the key.
No token, no joy.
This, of course, can be a double-edged sword if one manages to lose the required card set for quorum. This is how 2-person integrity is established.
Let's say you have 2/4 cards quorum for the admin cardset. Well, if your org happens to lose 3 of those cards for whatever reason, you're basically hosed and all that is left to do is pray the operator cards hold up until whatever service / app can be transitioned to a new security world.
In such a situation, even the vendor will not be able to help recover the key, and that's by design.
TL;DR: HSM requiring multifactor to access private key minimizes risk of backdoors.