Haven't there been stories of parent's losing their phones because their kids randomly entering in passcodes forced the exponential time outs to be into the years (and longer) time frames?
The lockout period progresses something like 60 seconds, 5 minutes, 30 minutes, 1 hour, 3 hours, 6 hours, 1 day and so on. This should only be possible if the child had sole possession of the phone for days. Not saying it’s impossible, but this appears to be an extreme edge case.
I suspect most of these reports come from either bugs in the software (and some quick Googling suggests this has been the case), or perhaps that even someone (heck, even a savvy child) was trying using some sort of brute force exploit to unlock the phone.
I can see it happening. My 1.5 year old daughter routinely locks me out of my phone by touching the in-screen fingerprint reader when she takes my phone from the desk or wherever it's lying around at home.
I have a password the maximum length allowed so it's not trivial to unlock when she does that.