At least 2.71*2^x input values must be tried in order to recover x bits of data. This would make it completely useless for sending a 256-bit private key, provided that the key is truly random. It would be similar to bruteforcing the private key.
I think you may have misunderstood this
2.71*2^x are the input values that you would have to try to embed 256 bit of data in the carrier
However if you were sending 256 messages and only sending 1bit of data in each carrier then you would only need to try 2.71*2 (x=1) input values each time. i.e. it is a lot easier to send lots of little messages than one big one.
These are only the probabilities of the amount of input values you will have to try.
This illustrates the difficulty of encoding the message not decoding it which is done with a prearranged mapping function.
The problem here is whether your users trust you not to have embedded anything malicious in the wallet to reveal their keys. This would be a very interesting way to do it but I could think of lots of simpler ways.
I believe my understanding is correct but please get other opinions.