Software can be programmed to provide a ne’er-do-well programmer backdoor access to a system. As someone experienced in IT security, I can tell you that we often default to hardware security for a reason. Hardware has to pass through numerous tests for hardening and security. If major industry players certify a piece of hardware as secure, it’s their very reputation on the line. If there’s a backdoor and it’s discovered, that hardware becomes a liability.
I personally use KeePass and certificates from StartSSL for my personal security, but I can’t understate the importance of a platform security methodology, and that’s the purpose of a TPM.
Major players in software encryption are no less dependent on reputation.
And many are from very major players, such as Intel and Dell. Everybody has been buying up security companies.