Hi,
The secure table lies at $fff6 - $fffd, which can contain real interrupt addresses at 2 words (or 4 bytes), which leaves half the secure code unknown.
Suppose that you do not fill in some random number at the missing 4 bytes, that is, they will read $ff as default there; this leaves 8^4 = 4096 combinations.
If further the reset vectors point into a table, with jump instructions to the addresses, and the vector is at the first byte in the Flash EPROM code, then you are making it very easy for the code burglar.
But if the jump instructions are placed somewhere else in the Flash EPROM, or if the table does not include only jump instructions, then it is much more difficult to find out the real secure code.
Regards,
Ake
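
A build-time check for the point made in the post above, as an added example that is not part of the original message: it reads a firmware image and lists which of the 8 bytes at $fff6 - $fffd would still read $ff. It assumes the image is a Motorola S19 file with S1 records; the vector and fill values in the two sample images are constructed.

```python
SEC_START, SEC_END = 0xFFF6, 0xFFFD  # security byte range named in the post
ERASED = 0xFF                        # value the post says unfilled bytes read as

def s1_record(addr, data):
    """Build one S1 record (used here only to construct the sample images)."""
    body = bytes([len(data) + 3]) + addr.to_bytes(2, "big") + bytes(data)
    return "S1" + (body + bytes([~sum(body) & 0xFF])).hex().upper()

def parse_s19(text):
    """Return {address: byte} from the S1 data records of an S19 image."""
    mem = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("S1"):
            continue  # S0 header, S9 terminator and blank lines carry no data
        body = bytes.fromhex(line[2:])
        if body[0] != len(body) - 1:
            raise ValueError(f"bad byte count: {line}")
        if sum(body) & 0xFF != 0xFF:
            raise ValueError(f"bad checksum: {line}")
        addr = int.from_bytes(body[1:3], "big")
        for offset, value in enumerate(body[3:-1]):
            mem[addr + offset] = value
    return mem

def security_bytes_left_erased(mem):
    """Addresses in the security range that are missing or hold $FF.
    A deliberately programmed $FF reads the same as erased, so it is listed too."""
    return [a for a in range(SEC_START, SEC_END + 1)
            if mem.get(a, ERASED) == ERASED]

# Constructed sample images (not from the post): two real vectors only,
# then the same vectors with the four unused bytes filled in.
WEAK = s1_record(0xFFFA, [0x80, 0x40, 0x80, 0x00]) + "\nS9030000FC\n"
FILLED = s1_record(0xFFF6, [0x3C, 0xA5, 0x91, 0x5E,
                            0x80, 0x40, 0x80, 0x00]) + "\nS9030000FC\n"

if __name__ == "__main__":
    for name, image in (("weak", WEAK), ("filled", FILLED)):
        left = security_bytes_left_erased(parse_s19(image))
        print(name, [f"${a:04X}" for a in left] or "all 8 bytes programmed")
```

Run against the release image in the build, a non-empty result means part of the secure code is still at its erased default.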