Some feedback from the libsecp audit and our use in grin, all simple things we could add for a little more defense in depth:

• Zeroing of sensitive data through Drop (password, mnemonic)
• Check zeroing of private keys in libsecp
• More randomized tests to check invalid range proofs don't validate
• Same for aggsigs