You mean the whole OS and its (runtime-)data fits into the 256KB LS? Pretty impressive work by Sony. The security is done on the Cell itself inside SPEs using their secure mode (why else do you think it's not available in Linux?). If you can read additional memory with the RSX it's most likely on the Cell side and the hypervisor can probably block it as all reads/writes will go via Cell. Even if it can't prevent reads from the RSX they're not going to do you much good anyway as it'll be encrypted...
Everything else has to sit somewhere in RAM, inaccessible in Linux, but accessible in the PS3-OS - and very likely unencrypted for the biggest part.
I can only assume the potential weaknesses a directly accessible RSX could impose (my bet is that pending reads/writes could happen in the wrong OS-Context), but what you say is obviously wrong.