Unreadable local parameter

When a KDF is at least partially implemented in a dedicated device (e.g., in a hardware security module or even a dedicated server), it becomes possible to embed a local parameter in the device
If the local parameter is unreadable by the host system (e.g., by a server doing password authentication), this buys us an extra layer of security
Need to have a backup copy - e.g., a cluster of multiple HSMs or/and a piece of paper in CEO's safe
Companies like Google and Facebook could use this approach to substantially reduce the impact of a possible user/password database compromise.  Clearly, they can afford to move password hashing onto HSMs or dedicated servers.  In fact, they could benefit from hardware acceleration of password hashing.