Sadly, the segregation between CAN buses is not nearly as good as you would think. ONSTAR, for example, sits on the drive critical bus (and is exploitable). Of course, this is not on a Tesla, but still.
A few years back, a joint UW-UCSD team showed that car systems are remotely exploitable. They were able to literally call the car's cell phone number and control the brakes/gas/door locks remotely.
Has there ever been a successful assassination using this method? If some cut my brake lines I would know about it the moment I started the engine and applied the service brakes while putting the car into drive/releasing the e-brake, or become aware of it while maneuvering out of a parking space at speeds under 5mph.
I'm more used to people just putting car bombs on the vehicles, though.
You should be good with the e-brakes, and should never 100% depend on your primary brakes when driving, but in practice I'm sure a lot of people get into situations where they wouldn't know to switch to e-brake if the main brakes failed, or wouldn't have time. The biggest risk to the assassin is that car accidents in modern cars just aren't that fatal -- you can hit another car head-on at 60mph and, with seatbelts, non-offset crash, airbags, etc., either walk away or at least survive at a hospital. It also leaves enough forensic evidence, especially if the driver survives and reports "my brakes just didn't work!" that it wouldn't be surreptitious.
A bomb isn't likely to be taken as an accident, either, but is at least likely to be effective.
I'm probably missing something here, but wouldn't it make sense for ONSTAR to sit on the drive critical bus? If it's able to monitor collision data and (in newer models) slow down a stolen car, it'd need access to drive-control systems.
I'm unsure whether it makes sense in the context of safety. However, in the context of being able to sell the product as having those features - makes perfect sense.
http://youtu.be/bHfOziIwXic