Much better for this application is the PCMCIA standard, which has plenty of room for circuitry.
I had this in mind too. But there's a problem -- if we have to depend on commercial manufacturers to build these things, how will we know if we can really trust them? I'm not impugning the manufacturers themselves, as it's entirely possible that the FBI and/or NSA wouldn't even let them build and sell a device like this if it's "too" secure.

That's the paradox of freely-available crypto software like PGP. The software, including source, is open for inspection by all. But because it runs on general purpose computer hardware, it's vulnerable to all of the usual computer security attacks (viruses, modifications to secretly record or transmit keys, keystroke monitors, etc). Going to small, dedicated pieces of hardware removes these vulnerabilities, but then we're right back where we started -- with an opaque piece of commercial hardware whose secure operation we can't verify.

Unless, of course, we can get the technology to build PCMCIA cards ourselves out of readily available parts...

Phil