A company adhering to closed source principles and "security through obscurity" can't afford disclosure of information like that. They think that if no one knows (except unknown trusted third parties hired by Ledger) where the keys are being stored, that will ensure the safety of information and customers' peace of mind. But history shows the impossibility of maintaining the integrity and security of data for a long time: such things as inside jobs, social engineering, and phishing may eventually reveal the place in which keys are located and lead to data breaches. Ledger takes their customers for fools and idiots and constantly lies to them about every aspect regarding security and privacy; they use vague language in their FAQs as if they understand that smart people will anyway ignore everything they say.