Most security is just about making things awquard enough that most people give up at a glance, if someone really wants to break in to it, its only a matter of time and resources,
For a starting point, have a look at the chinese websites offering you to post in a chip and they will return the firmware, avoid those models,
E.g. ATM terminals have multiple security systems all made to throw away the key at a moments notice, but people just collected enough of them to bypass all these security features,
Things I'm aware they had to bypass:
multiple case open detection switches
multiple light sensors on the pcb when the case was opened in light, it drops the key
secure area had a wiring security mesh covering the key store, if a trace was broken or shorted it would drop the key
and many others
These all just take time, e.g. a dremel tool, some reverse engineering and a color of light that the sensor is not able to respond to,
Most microcontrollers are beaten and dumped by power glitch techniques and a number of others are simply beaten by out of order programming methods, where you dont erase the flash, but write a tiny boot loader to dump the rest of the memory to the first block, reverse what you have jumped, find a call you could use and then on a second device write that block to dump the start of the code,
If you use the fuses to disable serial programming, most of the time high voltage parrellel programming can get around it with similar methods to above
Only after all of this easy stuff is ruled out would the microcontroller die attacks possibly begin, and they are way more capable than you could imagine, able to selectivly remove or add insulators and conductors bit by bit to carve holes through all types of security features in microchips, these people cost really money, but there is almost nothing you can hide from them short of burying the secure areas under so much critical hardware that they run out of routing space,
There is even things like cold boot attacks, your volitile memory is temperature dependand, what is stored in RAM doesnt get erased if the chip is cooled to -20C, same for NVRAM and others the data can remain there for literally hours, so most of the kill power to erase keys methods can be defeated by a night in a lab fridge.