
There's also no security in the communication between the CPU and the TPM, so you can plug in a chip that intercepts it and copies all the keys, or plug the TPM into a chip that pretends to be the CPU and derives identical keys.


The TPM on most computers these days is a sectioned-off part of the CPU that only talks through channels on the package/die (fTPM). Good luck plugging something in on that.



