Exceptionally bad. Don't recall ever seeing a REMOTE key extraction vulnerability for a hardware signer.