Not even that, I just assume that in a few years, anyone who has a few thousand dollars to hand to Cellebrite will have access to devices that can crack security keys, just like they can give Cellebrite some money today for devices that can hack phones, tablets and computers nearly instantly.
The applet source code I linked above can be configured to use your PIN (not stored on the device) as the keying material to AES256-encrypt all the credentials stored on the trusted element. The PIN may be up to 63 bytes long, and the derivative used for keying is 128 bits.
If you think some company in the future will have the ability to somehow "steal" the contents of the device's flash, you'd still have to climb the mountain of explaining how they could then break the encryption the open-source software already - before they got hold of the key - applied to the flash contents.
Just to make sure this is clear, the security key at rest is not storing your credentials. It is storing AES256(key=<PIN>, value=<credential>). It is not storing the PIN.
You only need to trust the hardware to implement encryption correctly, which you can - of course - verify yourself. It's not realistic to say that the pre-encrypted values might be secretly stored somewhere else: there just isn't enough space on the device to do that.
