Wouldn't you have to deliberately target this partition in some manner? I can only see a risk if someone were flashing a complete twrp backup that includes the /efs partition, but that's about it.
I backed up my /efs via twrp and uploaded it to a cloud storage provider. A few days later, I made a second /efs backup on my sdcard, however I would never think of regularly backing up this partition, as it should never need to be restored.
So yeah... my question is how would someone mess this partition up?
Sent from my Nexus 5 using Tapatalk