Old news but nice that someone (again) raises the question. Now, that's why NIST FIPS requirements on different levels, physical security is as important as logical. One will not work without other. Maybe vendors offering security solutions should go and read the NIST requirements and recommendations again. There are black box solutions on level 3 and 4 which keep the keys out of memory and are tamper resistant at least currently for any casual thief. If that's not enough there are some extra requirements on DOD level and even those are publicly documented. Nothing is unbreakable forever but for now some simple preparations can go a long way.