I don’t know enough about the method, but is there a chance a duplicate key could be generated and used by someone else while you’re holding onto it?  Seems astronomically unlikely but something I’ve wondered.