The keys are potted, There is no reassembly, they have pictures of the disassembly process in the whitepaper, it is pretty brutal.
A very sophisticated attacker may create a clone device not based on the Infinion device, but behaving entirely identically using extracted private key. They would need to recreate the package too. But this is really out there. Again, something that needs to be fixed, but nothing you should be immediately worried about.
If this is a concern, it might make sense to leave a physical mark on your key that replaced unit will not be able to replicate accurately.