Yes, they are inside an audited Smart Contract. The smart contract is not influenced by hacks or external inputs as the only way to get the eVaulted ECS is to wait 31,536,000 seconds (1 year). And the only address the funds can return to is the address that sent the money to the Smart Contract.