Pardon my ignorance, but I thought GPG card hardware sets the PIN counter to lock or destroy the private key after failed attempts precisely to stop someone from trying to brute force the PIN? Am I to understand that we cannot rely on a PIN counter?