by nickpsecurity 3687 days ago
You don't know why they use interpreters? It's for the combo of security and app development. Just like long ago, the development of a high-assurance MULTOS or JavaCard system means you certify the interface one time. Apps get to build on that into an ecosystem. Then, only new implementations of that have to be certified [in theory]. MULTOS requires it while I think it's optional with JavaCard. I have less clear answers than most since I don't sign the NDAs either. At least let me reverse engineer and post some answers. ;)

Regarding DES, the smartcards and HSMs were originally developed for use by both government and financial industry. They originally standardized on DES then used 3DES to reuse their HW and SW. It was one of few tradeoffs that made long-term sense given a three-key version of a 1975 algorithm is still secure in 2016. That's 41 years of security through variants of that algorithm. Unheard of in our industry. That you call 3DES, itself going strong almost 20 years, something that should be repellent shows the difference between security-critical sector and mainstream. Former prefers what's proven longest with latter preferring what's popular and good in theory. Both AES and 3DES are valid choices given peer review. That their money-makers came from 3DES customers made the best choice obvious.

Regarding NDAs. A HW guru that taught me what I initially knew on the subject mentioned patent suits. He said his company refuses to do business in the U.S. since those companies get sued into the ground. There are so many patents on HW, esp. microarchitecture, that it's impossible to avoid all of them. So, he said keeping things as trade secrets was a common strategy of smaller firms to reduce legal risks and ensure profits. Also, reduces copying and attacks by hobbyists. And of course they didn't say "hides infringement" in the datasheet. :P

I stopped there since I think these should address your concerns. At the least, it should start to make sense what those companies are doing whether we like it on our end or not. Personally, I'm more a fan of Caernarvon OS for smartcards as one of the inventors of INFOSEC (Paul Karger, grandmaster of high-security) made it. Look it up for interesting lessons on what smartcard OSes deal with in terms of development and certification difficulties.