Does this mean that knowledge of a Trezor account private key + pertaining xpub = xpriv?
I didn't think that it was possible to obtain knowledge of a Trezor priv key.
assuming that at least one private key is leaked
Trezor uses a BIP44-style wallet layout (they proposed BIP44, actually).
That means your Trezor stores an HD wallet structure as follows:
m / purpose' / coin_type' / account' / change / address_index
The ' means hardened. The maximum level that you can trace back to is therefore "change",
under which all addresses are generated that your Trezor uses for the given account.
Thus, if you leak a private key of one of your addresses, you'd endanger all keys of
that account but not the master/root key.
Note that Trezor doesn't let you export the private leaf keys.
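
To audit which wallet paths share the exposure of one leaked leaf key, the hardened/non-hardened rule above can be applied to the path string itself. The sketch below is an added example, not part of the original post or of Trezor's code; the function names and the sample paths are hypothetical, and it assumes the xpub of every non-hardened ancestor is known to whoever holds the leaked key.

```python
# Added example: exposure scope of a leaked leaf key in a BIP32/BIP44 path.
HARDENED_MARKS = ("'", "h", "H")  # common notations for a hardened index


def parse_path(path):
    """Return [(index, hardened), ...] for a path such as m/44'/0'/0'/0/5."""
    parts = path.strip().split("/")
    if parts[0] != "m":
        raise ValueError("path must start at the master node 'm'")
    levels = []
    for part in parts[1:]:
        hardened = part.endswith(HARDENED_MARKS)
        digits = part[:-1] if hardened else part
        if not digits.isdigit():
            raise ValueError(f"bad path component: {part!r}")
        levels.append((int(digits), hardened))
    return levels


def format_path(levels):
    return "/".join(["m"] + [f"{i}'" if h else str(i) for i, h in levels])


def exposed_root(leaked_path):
    """Highest node whose private key is endangered by the leaked key.

    Assumption: the xpub of each non-hardened ancestor is also known.
    Non-hardened steps can be walked upward; a hardened step stops the walk.
    """
    levels = parse_path(leaked_path)
    while levels and not levels[-1][1]:
        levels = levels[:-1]
    return format_path(levels)


def endangered(leaked_path, wallet_paths):
    """Wallet paths that sit under the exposed root (same subtree)."""
    root = parse_path(exposed_root(leaked_path))
    return [p for p in wallet_paths if parse_path(p)[:len(root)] == root]


if __name__ == "__main__":
    # Constructed sample paths, not taken from any real wallet.
    wallet = ["m/44'/0'/0'/0/0", "m/44'/0'/0'/1/3", "m/44'/0'/1'/0/0"]
    print(exposed_root("m/44'/0'/0'/0/5"))
    print(endangered("m/44'/0'/0'/0/5", wallet))
```

A path with no hardened component at all resolves to `m`, which is the case the hardened levels in BIP44 are there to prevent.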