Erases can fail, but that's typically a gross failure in the peripheral circuitry and not a cell-level/array-level problem. It's no different than you being unable to erase your data if you have a mechanical failure on a rotation drive.
Your most likely "leakage" case is with a grown defect or a change in the flash translation layer, however, the specs are written so those old locations must be erased by a secure erase command. I know that based on NAND physics, if you do that erase, the data is gone and never coming back. IMO, there really aren't enough electrons in a charge well to reliably encode "additional" information about the prior state of a bit following an erase.
An NSA hack is always possible where they install rogue firmware on the drive that doesn't actually secure erase properly, but that kind of argument/speculation is outside the scope of my answer.