* To protect against differential power analysis, a different way of
mixing in this randomness is used (masking the private key completely
with randomness before continuing, rather than hashing them together,
which is known in the literature to be vulnerable to DPA in some
scenarios).

I think citation for this would improve the spec.

I haven't studied these attacks but it seems to me that every hardware wallet would be vulnerable to them while doing key derivation. If the attacker can get side channel information from hashes in nonce derivation then they can surely get side channel information from hashes in HD key derivation. It should actually be easier since the master seed is hashed for anything the hardware device needs to do including signing.

is this the case?