Second question concerns security:
If the private key of any address in the tree of deterministic addresses is compromised are your other private keys in the tree in danger if the perpertrator does not know your masterseed?
Knowledge of the private key alone does not make it possible to find neither siblings, nor parent (nor other ancestors), nor children of that private key. The reason being that child key derivation function actually combines three values: private/public key, index number and key chain code. Without the knowledge of the chain code, you can't find children of compromised private key.
Though, I have one (probably trivial) question about master key/master chain code generation algorithm. BIP0032 defines this process as follows:
• generate a seed byte sequence S of a chosen length (between 128 and 512 bits; 256 bits is advised) from a (P)RNG.
• calculate I = HMAC-SHA512(Key = "Bitcoin seed", Data = S) =>
QUESTION: What's the difference between Bitcoin seed and S?
• split I into two 32-byte sequences, IL and IR.
• use parse256(IL) as master secret key, and IR as master chain code