1. Use the above when the amount is above 10 BTC (you don't care about poor guys anyway).
2. Use only the last 16 bits of RFC 6979 and XOR this with the seed. This way k is still deterministic, but easy to break.
3. Leak the seed in the 1000th transaction (or the millionth...).
4. Leak the seed with some particular transaction, e.g. if the amount mod 97 is 32, leak the seed.
5. Leak the seed with a special, undocumented command in the interface.
6. Combine some of the above or invent your own.
All these attack vectors are actually very easy to find in the source code or even by black-box testing. We're preparing a deterministic build environment for the Trezor firmware, so any interested developer will be able to read the sources, build them and compare the hash with the hash of the signed firmware release by SatoshiLabs. Then he can publish on his website (and sign with his GPG key) that he agrees that our binary distribution does what it is supposed to do.
Actually, we would like to have a network of independent code reviewers who will read our commits and sign every stable release. Then it will be extremely hard to prepare any attack, even for us. If anybody here is interested in such a job, please email info@satoshilabs.com.