That is the least convincing security statement I've heard in a long time. So what if we have root access? You can still log everything or compromise the vm under the hood -- and there really is no way to prove otherwise AFAICT (trusting trust and whatnot). In this case, the NSA would least of my concerns!