All of this boils down to implementation. A properly implemented QKD system is equivalent to a guarantee that the two key holders are the only one that have the key provided no interception was detected during distribution. However, in practice if there is a flaw in your implementation just like in normal cryptography it is possible to gain enough info to decrypt the transmitted information. I was just at Dr. Makarovs lab in waterloo, one of the first quantum cryptography hackers. They were exploiting such flaws as poor random number generators and optical components inherent reflection to gain information during key distribution on flawed systems. however these flaws are still not exploitable as commercial systems XOR the generated key with a traditional public key so in order to decrypt the information both the QKD and public key distribution must be cracked, which won't happen until we have a quantum computer.