It's really amazing the stuff people think up these days.
Presumably what's going on is that the flash controller chip is an off-the-shelf part which has to work with all manner of flash-chip suppliers and capacities (and even an individual manufacturer of flash drives will often want to change supplier or capacity as prices shift; flash pricing is notoriously volatile). So, rather than embed a huge, ever-changing list of flash-chip IDs in the controller chip firmware itself and have it auto-detect, they just store the information in a "secret" flash block which the flash-drive manufacturer programs on the finished device in the factory. Once the unscrupulous figured this out -- which probably required nothing more nefarious than reading the controller-chip's datasheet -- the game was unfortunately on.
Peter