[bccdee]

They're a world-class security organization. If a nation-state actor can get access to their most important keys the hard way, then a nation-state actor has a decent shot at compromising any private key on the planet, if they're willing to put enough money into it.

[tptacek]

They were just an enterprise software company. People have weird ideas of what RSA was. They bought the name RSA.

[bccdee]

They're a large, trusted enterprise software company specializing in security. I'm very comfortable using them as a heuristic for the most secure that a regularly-used private key can possibly be.

[tptacek]

I think you need to adjust your priors on the capabilities of enterprise security companies. I don't think you will find many practitioners that would rank RSA Security in "the most secure that a regularly-used private key can be".