According to an article I've seen recently, they either are, or have already done that. Guess what--it was/is based on Linux source code. And in that case, it appears that the GPL you worry so much about isn't a problem for them as they are not re-selling the modifications, but using it internally.
I also seem to recall that they plan on releasing some of the security modifications back into the Linux community (again under the GPL).