Let me clear up some errors
5 hardware buttons does not mean 5 digits to choose from. Pushing a button twice gets you the second digit assigned to that button, so 10 digits are available. With programming you can assign as many "digits" to one button as you want. They could have used one button (press it 5 times to enter a five, for example) but it would have been a major PITA to enter a pin so they used more buttons to make entering the pin easier. Easiest of all would be to have one button per digit, but they don't have room for that on the small package.
The pin can be 4 to 10 digits long. The total number of combinations available is ALL of the 4 digit pins + ALL of the 5 digit pins plus... ...ALL of the 10 digit pins.
Since digits can be repeated in the pin, any pin digit can be any of the 10 digits. That means there are 10x10x10x10 possible 4 digit pins. (10000 = 10^4 possible combinations). To make this simple, adding each digit to lengthen the pin simply multiplies the number of combos by 10.
So for a 4 digit pin, there are 10000 (=10^4) combos, for 5 digit pin, there are 10^5 combos. So here it is: the total number of possible pins is 10^4 + 10^5 + 10^6 + 10^7 + 10^8 + 10^9 + 10^10. My brain tells me there are 11,111,110,000 possible combinations.
The data is stored in the memory chip encrypted- there would be no point in encryption if the data were stored clear. The old version of this device was hardware hackable apparently by telling the cipher chip that a valid pin had been entered even when it hadn't- an unbelievably silly weakness in the design. Covering the chips with epoxy makes it more difficult to access the PCB, but not terribly difficult. A moderately determined attacker with simple tools will be able to clean off the epoxy. Did they use the same chips with the same weakness or did they change the design? Only time will tell.
A real secure device would include mechanical interlocks designed into the package that will do physical damage to the device if it is opened - releasing acid, explosive charge, incendiary, etc., but you'd probably only find that level of security in very expensive military and intelligence agency devices.
This thing looks like a bargain at $50, even if they merely covered the old PCB with epoxy. It's like locking your bike- you don't need the best available lock- it just has to be a little better than those on the other bikes around yours.
