Comment by derangedHorse

It’s more about the device being tamper resistant than “hard to forge”. You don’t want people playing around with the device generating signatures. Algorithmically, there is nothing done on a secure element that can’t be done with software on a general chip. The defining difference is the physical separation of data and the mechanisms put in place to brick the device on detection of physical tampering.