If it a possible for the seed phrase to leave the device, then you have to expect it can happen maliciously. It should be physically impossible for this to happen but the fact that it CAN happen, means this is a security vulnerability