The conflict between security and testability is still a concern of hardware designers. While secure devices must protect confidential information from unauthorized users, quality testing of these devices requires the controllability and observability of a substantial quantity of embedded information, and thus may jeopardize the data confidentiality. Several attacks using the test infrastructures (and in particular scan chains) have been described. More recently it has been shown how test response compaction structures provide a natural counter-measure against this type of attack. However, in this paper, we show that even in the presence of response compactors the scan-based attack is still possible and it requires low complexity computation. We then give some perspectives concerning the techniques that can be used to increase the scan-based attack complexity without affecting the testability of the device.