We now know this to be incorrect, though. As Ledger have said (and as I've linked to earlier in this thread), you can still recover your seed phrase via Ledger Recover even if you lose your hardware wallet and buy a brand new one. This means the decryption key does not need to be extract from the SE, or is even stored on the SE in the first place. It must be stored by a third party for them to be able to give it to you when you activate a brand new device. Someone somewhere holds the power to decrypt your seed phrase and steal all your coins. The fact that Ledger won't even tell you who that entity is or what security is being used to store your decryption key is highly suspect.