hardware access
It seems to be expected that if you infiltrate the hardware, the game's lost.
But is that actually true ?
What if you only ever dealt in encrypted data, and it was only unencrypted after a one-way link to a display device (so an infiltrated display device couldn't leak back to the internet).
Such devices even nominally exist .. Hollywood has conveniently developed non-working prototypes for us.
The question is, could you do all required datawrangling on encrypted rather than unencrypted data. Program code - probably yes. DB contents - probably yes. DB indexes maybe not. Some thought required. Discuss, preferably creatively.