When I first investigated it, I looked at http://www.pollardbanknote.com.
They make lottery tickets. Apparently they have some kind of controls to account for the security of what's under the scratchoff. I assume it maybe works something like registered mail, where there's documented control and custody of all the secret data at every step of the process.
Presumably, an acceptable set of controls might be an arrangement where they generate the secrets using a program you provide, and then they agree in writing to be accountable for any compromises. If they generate the secrets, not even the person ordering the tickets should be able to compromise them. Therefore, any occurrence of an intact ticket where the value underneath has been redeemed should be prima facie evidence of a compromise.
But I don't really know if that's how they work. Bitcoin is different from a lottery. With a lottery, only a few privileged people are able to make use of secrets (e.g. a retailer who can sort the winning tickets from the losers out of his inventory)... on the other hand, with bitcoin, anyone with the secrets can steal the funds, so the controls applied to lottery tickets may not be enough.
What you want though ideally, regardless of how it is done, is exactly ONE entity who could be held responsible for a theft, and who can also afford the responsibility.