Keys stored in the bootloader are public as asymmetric cryptography is used there. There is no security reason why bootloader should stay closed, but we were quite hesitant to open it because that's the last piece of mosaic that our competition is missing from making a perfect TREZOR clone.
Either the bootloader binary can be retrieved using custom firmware or it can't. In the first case, it's simple for competition to get all they need. In the latter case, the bootloader cannot be verified.
In the first case it makes no sense to hide the code, in the second case it won't help much to release it.
Can you please clarify if it can be read?