Has there been a threat model performed by a security person (not a developer)?

Functional testing only goes so far and stops at the assumption that the code and design are correct.