This video outlines how it is easy to extract the key from Trezor T devices which use a similar chip to FST-01SZ: https://youtu.be/50eiA-75NMY But, using a second passphrase to generate the required key each time would protect against such attacks because this second passphrase would not be stored anywhere.