According to AEP Networks (HSM vendor), ICANN's using FIPS140-2 level 4 devices for key storage and signing so the root keys should be as secure as is feasibly possible claiming to be "a sealed, designed-for-purpose unit with no moving parts. It runs an embedded operating system..."

So at least they're not in keys.txt on a Windows XP PC. More like on a physically secure device accessed by multiple security personnel, in a physically secure room, in a physically secure building.