It should be noted that this kind of risk falls under the "Double evil maid attack" category since she'd have to sneak in, swap in an evil SD card, wait for me to use it, then sneak back in and retrieve the Raspi that now has a secret written into its persistent hardware registers.

Of the remaining threats we have, I'd rank this probably at the bottom of my personal priority/concern list.


Discussion

Yeah, it's a remote possibility. But it's good to be aware it is possible.

An immediate, although not convenient, solution consists in using the 'vcgencmd otp_dump' command to print the OTP registers and check that they have not been modified. However, it's only a partial solution because the command doesn't show the first 256 bits. I need to further investigate how to print the first 8 32-bit registers.
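As an added example (not code from either poster), the check described in the reply above can be scripted: save one `vcgencmd otp_dump` as a baseline, then compare later dumps against it row by row. It assumes each row is printed as `NN:XXXXXXXX`, covers only the rows the command prints, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: baseline and compare `vcgencmd otp_dump` output.
# Assumption: every row looks like "NN:XXXXXXXX" (row number, 32-bit hex value).

# otp_snapshot FILE: save the current dump (run on the Pi itself).
otp_snapshot() { vcgencmd otp_dump > "$1"; }

# otp_compare BASELINE CURRENT
# Prints one line per differing row. Returns 0 if identical, 1 if any row
# changed, appeared or disappeared, 2 if either file is malformed.
otp_compare() {
    base=$1
    cur=$2
    result=0
    for f in "$base" "$cur"; do
        # Any line that is not "digits:8 hex digits" makes the dump untrustworthy.
        if grep -Eqv '^[0-9]+:[0-9a-fA-F]{8}$' "$f"; then
            echo "malformed dump: $f" >&2
            return 2
        fi
    done
    # Rows present in the current dump: compare values numerically.
    while IFS=: read -r row new; do
        old=$(awk -F: -v r="$row" '$1 == r { print $2 }' "$base")
        if [ -z "$old" ]; then
            echo "row $row: missing from baseline"
            result=1
        elif [ $((0x$old)) -ne $((0x$new)) ]; then
            # OTP bits only go from 0 to 1, so show which bits are newly set.
            set_bits=$(( 0x$new & ~0x$old & 0xFFFFFFFF ))
            printf 'row %s: %s -> %s (newly set bits: %08x)\n' \
                "$row" "$old" "$new" "$set_bits"
            result=1
        fi
    done < "$cur"
    # Rows that were in the baseline but are no longer printed.
    while IFS=: read -r row rest; do
        grep -q "^$row:" "$cur" || {
            echo "row $row: missing from current dump"
            result=1
        }
    done < "$base"
    return $result
}
```

Keep the baseline file off the device, since a copy stored on the SD card can be replaced along with the card.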