Thank you for the background. Perhaps this time it is posted it will get a bit more traction/pageviews. My history was from early in the Java group trying to do security work in what was clearly going to be targeted as an exploit vector. For a variety of reasons that work didn't get out into Java 1.0 but pieces of it made it out into the crypto API and elsewhere. Folks with solutions to the 'trusted computing' problem that were both simple and wrong were a dime a dozen.
The meta issue here is that clearly the black hat work has some 'trade secret'ness too it in terms of competitors but it cries out for being published/peer reviewed post-money making opportunity or something.