https://youtu.be/M3VjQUcyZSY?t=1285 - Apparently the shards aren't encrypted at all, despite Ledger previously stating this. It's literally just Shamir's. So there is no decryption key to be stored on the device or by Ledger themselves, making it even easier than thought to compromise the setup.
I want to clarify a little.
Shards aren't encrypted but, as tenant48 pointed out in the post above, are transmitted over an encrypted channel using an ephemeral symmetric key.
During the process, the secure channel uses an ephemeral symmetric key to securely transport the fragments.
Ephemeral keys are negotiated by both parties using asymmetric cryptography:
Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.
In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message.
For asymmetric crypto to work, each Ledger wallet must have a unique private/public key pair, which was also mentioned earlier in this thread. Ledger does not need to store databases with these keys or do intermediate re-encryptions.
Thus, it is absolutely safe to transfer the seed to a completely new wallet.