Very cool. The world needs more people like this guy. He found the perfect niche to challenge his skills and make money.
The weakness was the hardware wallet allows low-level access with other hardware, and he could change the code that runs on the wallet. That code puts the decrypted data in main memory which is then extracted and searched. To prevent that kind of attack, strongly encrypt the data before saving it in the wallet (which then wouldn't need to have decryption running on the device). That way, it might be possible to extract that encrypted data, but it would still be hard to decrypt it. Of course, then the owner would have to have the private key backed up somewhere.