The firmware for the Safe Enclave can be updated, but only with the Apple private key. Which is as secure as it's possible to get in a consumer product that gets improved upon after sale.
Merely requiring an Apple private key is insufficient. The OS as a whole requires that too, but as we see here that just puts Apple in the position of potentially being forced to sign an update which removes security.
I'm guessing that the secure enclave not only requires a private key from Apple, but that it wipes the crypto keys it contains (effectively wiping the device) if it's updated without first being unlocked with the user's passcode. That would prevent even Apple from cracking it, barring an exploit of the secure enclave's software, or some sort of highly advanced attack on the physical hardware.
I got the impression that that isn't the case, but as they want to improve in ways that would be unhelpful to LEOs, what you described will be the setup soon.
I'm guessing that the secure enclave not only requires a private key from Apple, but that it wipes the crypto keys it contains (effectively wiping the device) if it's updated without first being unlocked with the user's passcode. That would prevent even Apple from cracking it, barring an exploit of the secure enclave's software, or some sort of highly advanced attack on the physical hardware.