Well, security isn’t really about the attack vectors you are aware of (trying to guess the one-time pad), it’s about keeping an eye out for corner cases you are not yet aware of. An extremely sophisticated software system would be more likely to try avenues like causing a diplomatic crisis, manipulating people who have access to the codes, direct observation of the authentication data via specialized hardware, etc.
Also, yes, he was probably speaking informally / inaccurately.
Well, security isn’t really about the attack vectors you are aware of (trying to guess the one-time pad), it’s about keeping an eye out for corner cases you are not yet aware of. An extremely sophisticated software system would be more likely to try avenues like causing a diplomatic crisis, manipulating people who have access to the codes, direct observation of the authentication data via specialized hardware, etc.
Also, yes, he was probably speaking informally / inaccurately.