"The password can be observed in memory or read directly from the device, without evidence of tampering." And best of all, the punch line: "[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication."
IMHO, people should stop bounding words like "secure" about. There is no such thing as "secure" in the computer world, unless its a closed system buried 100 feet underground. And it looks like one of these Lexar devices is far from "secure".