The SIM card contains a private key or more commonly a symmetric key called the "Ki", and the card is designed to never divulge this key to the outside world. The SIM card itself has physical security measures to make reading the key from the card very difficult without destroying the original card and/or the data stored in the card. For a long time, this makes it difficult or impractical to clone a SIM card.
The secret key isn't stored in SIM card circuitry. SIM card circuitry is basically just a very small integrated computer; it contains a CPU, RAM, ROM, and a writeable storage and have an operating system which can run Java Card application. The encryption key itself is stored in a solid state storage within the card. The card itself is a form of tamper proof housing to protect the small computer from physical access. To read this solid state storage directly, you'll probably need to use an electron microscope and grind the card very precisely without triggering the physical security features of the card.
In recent times, there has been some successful attacks to SIM cards. These attacks are typically in the form of either side-channel attacks or attacks on the vulnerabilities of the operating systems in the card rather than physical attacks.
Further readings: