Rich Mogull gives you way more information on iCloud Keychain security than you probably ever wanted to know. From TidBITS:
For security professionals like myself, this is like waking up and finding a pot of gold sitting on my keyboard. Along with some of the most impressive security I’ve ever seen, Apple has provided a way to make it impossible for agencies like the NSA to obtain your iCloud Keychain passwords.
The paper is incredibly dense, even getting to the level of detail of which flavor of particular encryption algorithms are used in which security controls. I will likely be digesting it for months, but one particular section contained an important nugget that explains why the NSA can’t snoop on your iCloud Keychain passwords.