Aside from all the other good answers, a properly secure HSM **does** become unusable if tampered with, which would prevent the usage of any extracted keys (and presumably raise all kinds of alerts).

An HSM doesn't just store the secret keys in the clear on its internal storage.  If it did, then extracting that storage would provide access to the keys, and just like you propose in the question, even if it sets off tamper alerts, there'd still be a period of time when they'd be usable.  (Even putting aside the question of using them to decrypt already-captured data.) Rather, the HSM has what's called a LMK (Local Master Key) that is usually randomly generated when it's first turned on, and every key that the HSM is protecting is encrypted with that LMK before being stored.   When the key needs to be used, the HSM decrypts it in memory, applies it as necessary, and then clears that memory. 

If tampering of any kind is detected, the HSM **wipes the LMK** from its storage.  That immediately renders all the other keys useless, since there's no longer any way to decrypt them (or at a minimum, doing so is at least as hard as decrypting the data without the key at all).  So even if you were to copy them out, that wouldn't get you anything.

That said, for redundancy, it is possible with all HSMs I've worked with to set them up to use an existing LMK so that they can read existing keys, so if you're able to extract the keys from one HSM and then use them on a different one that has the same LMK, there is an attack avenue there, but it's the same remote access one that you would have had in the first place - you can't just walk off with the extracted keys and be able to use them at your convenience later.