in practise, does that mean it may be easier for a bad actor to extract keys compared to a secure-element wallet?