What would be leaked
All public keys and attached addresses that the wallet can have + any comments you left in there.
and how are they able to create substitute addresses without the seed?
The whole idea is to not use the wallet's deterministic chain. That would not benefit the attacker.
Replacing one of the addresses on the chain with the expectation the user will just trust content of the wallet is where the attack surface lies. Armory mitigates that threat by making sure all public data it reads from wallet files are derived from the wallet's public root key before it gets to sit in the RAM. It will also angrily warn you about inconsistencies if it finds any (it will literally harass you every run until you fix the wallet).
The new wallet format will introduce an even more robust approach on this regard.