Oh, nice! I wish you/they could share some war stories from that, but the combination of Apple and smartcard industry NDAs probably make that inadvisable.

I love the technology, but I'm not a fan of the culture of security by obscurity in that industry. What's worst is that it's at this point mostly unnecessary! Modern smart cards largely use standard algorithms and would probably hold up just as well or even better with their details publicly documented.

Also, small nit: Secure element. The secure enclave is Apple's cryptography and key management coprocessor running an L4-based OS; a secure element is a (generally not Apple specific) smartcard-like hardened microcontroller that can be embedded in devices, usually as part of the SoC of a contactless microcontroller.

The secure enclave primarily holds the user's and Apple's keys; the secure element can also hold somebody else's, e.g. payment or IC card issuers'. The latter is (somewhat ironically, given the name) somebody's trusted enclave in an otherwise untrusted device.