According to this Slashdot article, a company has successfully decrypted USB flash drives. In our experience, this is probably true. Several years ago, we put a USB sniffer on the bus and found that most USB flash drives can be trivially broken.
It's a familiar story. Hackers don't break encryption; they break how encryption is used. In this case, hackers didn't break AES; they exploited the fact that the vendors didn't encrypt the drive with the password.
This is why you should distrust marketing messages like "military grade encryption" or "FIPS certified encryption". Sure, the encryption is secure, but that doesn't mean the vendor hasn't done something boneheaded, like leaving the password in clear-text.
If you are concerned about your USB drive, the easiest way to check it is to use a USB sniffer. There are lots of freeware and open-source products, as well as expensive hardware sniffers. You can check what is being sent to the drive in order to decrypt it. We have seen all sorts of weird things, such as the software asking the drive for the password (which we then see being sent in the clear over the USB bus). In this case, it appears that the software asks the drive if the password is correct, but then unlocks the drive using a fixed string.
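As an added illustration (not code from this post or from any vendor), the Python sketch below runs the two checks described above over sniffer output: whether the password crosses the bus in the clear, and whether the command that unlocks the drive stays the same after the password is changed. The capture format, the assumption that the last host-to-device payload is the unlock command, and all sample bytes are constructed for the example.

```python
# Added example: audit host-to-device bytes captured while unlocking a drive.
# The session format and every sample byte below are constructed, not real.

def password_encodings(password):
    """Byte forms in which a clear-text password might cross the bus."""
    return {
        "utf-8": password.encode("utf-8"),
        "utf-16le": password.encode("utf-16-le"),
    }

def audit_unlock_captures(sessions):
    """sessions: list of (password, [payload bytes sent to the drive])."""
    findings = set()
    for password, payloads in sessions:
        for name, needle in password_encodings(password).items():
            if any(needle in p for p in payloads):
                findings.add(f"clear-text password on bus ({name})")
    # Assumption: the last payload of a session is the one that unlocks the
    # drive. If it is byte-identical for different passwords, the unlock
    # command does not depend on the password at all.
    passwords = {pw for pw, _ in sessions}
    finals = {payloads[-1] for _, payloads in sessions if payloads}
    if len(passwords) > 1 and len(finals) == 1:
        findings.add("final unlock payload identical across different passwords")
    return sorted(findings)

# Constructed captures: each drive unlocked twice, password changed in between.
FIXED = bytes.fromhex("a5" * 16)  # made-up constant, not from any real drive
DRIVE_FIXED_STRING = [
    ("correct horse", [b"\x01CHK" + bytes.fromhex("9f3c11d2"), FIXED]),
    ("battery staple", [b"\x01CHK" + bytes.fromhex("27b6a0c4"), FIXED]),
]
DRIVE_CLEARTEXT = [
    ("correct horse", [b"\x02PW" + "correct horse".encode("utf-16-le")]),
    ("battery staple", [b"\x02PW" + "battery staple".encode("utf-16-le")]),
]
DRIVE_OK = [  # payloads differ per password and never contain it
    ("correct horse", [bytes.fromhex("9f3c11d2e07a4b58")]),
    ("battery staple", [bytes.fromhex("27b6a0c4f1835e9d")]),
]

if __name__ == "__main__":
    for label, s in [("fixed", DRIVE_FIXED_STRING),
                     ("clear", DRIVE_CLEARTEXT), ("ok", DRIVE_OK)]:
        print(label, audit_unlock_captures(s))
```

An empty result only means these two specific mistakes were not observed in the captured sessions; it says nothing about how the drive derives or stores its key.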
There are only a few chipsets out there for USB drives. Regardless of the vendor name and the case on the outside, most drives are the same on the inside. This is why there is a chain of failure. A vendor like Kingston doesn't know the innards of the chip. They simply build a product around it and ship it through their channels. They trust that the chipset vendor knows what they are doing. This is why you can never trust encrypted USB drives: there is nobody who stands behind them. We would suggest using a product like TrueCrypt or PGP disk on top of the flash drive, because these guys do stand behind their encryption.