The published script enables communication with wallets that support NFC, i.e. Stax and Flex currently, the aim being to extract SEED. Additionally, SEEDs can also be extracted over USB from the s+ and X models. This reinforces my suspicion that what was once deemed "impossible" (as they claimed) is very much achievable.
This is clear to everyone ever since information about Ledger Recover came out. Secure Element chips do what the accompanying code tells them to. When it's written not to extract keys and send them to third-parties over the internet, it doesn't. If a Brainiac developer decides that's a good idea and writes the code for it, then that's exactly what's going to happen. Secure Elements can't protect secrets if manual intervention makes it possible to reveal them.
I think it's clear to most that Ledger has the technical capability to do this, but what many may not realize is that they have effectively left the open door for hackers. This could potentially allow unauthorized extraction of SEEDs from Ledger devices. That’s the point I was trying to make in my previous post. They must realize that
Secure Elements in HW have to be sure as hell sealed.