The two byte format is supported by the chip, but that fact is not documented,
Does that mean that you set the address length to 3 (the minimum) but actually only upload 2 address bytes?
(Sorry for being slow).
And, just to bring all this navel gazing back into focus for the OP - a hacker is still left with the task of trying up to 256 address bytes before he stumbles on the 2nd (from top) byte of the OP’s chosen address. And, as you said in Reply #3 that still leaves the OP with a reasonable degree of security - especially if authorization requires a conversation between the two devices.
By the way (and this is mainly addressed to the OP) there is no reason why the conversation could not include an agreement to use a different address on the next occasion (with some risk that the two systems become confused and would need a fallback arrangement).
I guess another strategy to improve security is for the door unit to talk to the hand unit using a different address (i.e. NOT auto-ack) and particularly, an address that uses a different real preamble byte so that a hacker listening cannot accidentally receive messages from both units.
PS … it is disappointing that a system that, on the face of it, has a high level of security is so easily compromised. But perhaps it was designed more for reliability than for security.
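The address-change idea with a fallback arrangement, sketched as an added example that is not part of the original post. It is a plain C++ simulation with no radio library calls; the `Door` and `Hand` types, the addresses and the toy generator are all constructed for illustration.

```cpp
#include <array>
#include <cstdint>

using Addr = std::array<uint8_t, 5>;               // 5-byte pipe address

// Constructed sample values, not taken from the thread.
const Addr FALLBACK = {0xF0, 0xF0, 0xF0, 0xF0, 0xE1};
const Addr INITIAL  = {0xA1, 0xB2, 0xC3, 0xD4, 0xE5};

struct Hand { Addr current = INITIAL; };

struct Door {
    Addr current = INITIAL;
    Addr pending{};
    bool hasPending = false;
    uint32_t seed = 0x1234ABCD;                     // stand-in for a real RNG

    // Pick the next address; the old one stays valid until the hand uses the new one.
    Addr propose() {
        for (auto &b : pending) {
            seed = seed * 1664525u + 1013904223u;   // LCG, illustration only
            b = static_cast<uint8_t>(seed >> 24);
        }
        hasPending = true;
        return pending;
    }

    // Called with the address a packet arrived on; returns true if accepted.
    bool onPacket(const Addr &a) {
        if (hasPending && a == pending) {           // hand switched: commit
            current = pending; hasPending = false; return true;
        }
        if (a == current) return true;              // proposal was lost: stay put
        if (a == FALLBACK) {                        // hand lost state: resync
            // FALLBACK never changes, so the authorization conversation
            // must still run after a resync.
            current = FALLBACK; hasPending = false; return true;
        }
        return false;                               // unknown address: ignore
    }
};

// The hand unit only switches if the proposal actually reached it.
void deliver(Hand &h, const Addr &next, bool received) {
    if (received) h.current = next;
}
```

The door keeps accepting the old address until it hears the hand on the new one, which is what keeps a lost proposal from leaving the two units on different addresses.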