Testing a secure system is often considered as a severe bottleneck. While testability requires to an increase in both observability and controllability, secure chips are designed with the reverse in mind, limiting access to chip content and on-chip controllability functions. As a result, using usual design for testability techniques when designing secure ICs may seriously decrease the level of security provided by the chip. This dilemma is even more severe as secure applications need well-tested hardware to ensure that the programmed operations are correctly executed. In this paper, a security analysis of the scan technique is performed. This analysis aims at pointing out the security vulnerability induced by using such a DfT technique. A solution securing the scan is finally proposed.