Since the device is not intended to be, and should never be, connected to the internet, other than to mess around with the randomness of the genkey function I cannot do much more to gain profit.
You, or someone else, could theoretically alter the code in such a way that every address the code generates is actually from the same master seed. So to a regular user it might look random and fair, but in reality you would have the master seed and thus access to everyone who ever generates addresses with it.
Not saying that you did, but it's possible.
Yes, but if you use the bitaddress.org HTML file that I've included (which can be verified via md5 checksum) you can generate the private key there and import it into Armory. So I can't control the master seed or anything else.