by kevinwallace 4657 days ago
The data doesn't erase itself. The phone, in its original state, erases its copy of the data, but that doesn't help if you're operating with (a) a copy of the data, or (b) a modified phone, which is likely given an adversary that doesn't find cracking 10,000 PIN combinations to be a significant hurdle.

In particular, tools automating (b) already exist: http://gizmodo.com/5896992/the-xry-cracking-tool-is-unimpres...

1 comments

Actually, the data is encrypted firstly with a per-device key that is unique to the phone and unable to be accessed directly (unless you want to go decapping chips), then additionally with a hash of your PIN or password. A copy of the data is useless unless you can get to it in an already unlocked state. An erase firstly deletes the encryption key entirely then begins a secure erase in the background.
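The key hierarchy described in the reply above, as a toy model added here (not code from the thread or from any phone vendor). The names `Device`, `unwrap` and `storage_image`, the PBKDF2 work factor, and the XOR used in place of a real key-wrap cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 10_000  # assumed work factor, kept small so the demo runs quickly


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _kek(device_key, salt, pin):
    # Hash the PIN, then entangle it with the device key:
    # neither value alone yields the key-encryption key.
    pin_hash = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    return hmac.new(device_key, pin_hash, hashlib.sha256).digest()


def unwrap(device_key, salt, wrapped, check, pin):
    """Return the data key, or None if the device key or the PIN is wrong."""
    data_key = _xor(wrapped, _kek(device_key, salt, pin))  # XOR stands in for key wrap
    tag = hmac.new(data_key, b"check", hashlib.sha256).digest()
    return data_key if hmac.compare_digest(tag, check) else None


class Device:
    def __init__(self, pin):
        self._device_key = secrets.token_bytes(32)  # models the non-extractable key
        self.salt = secrets.token_bytes(16)
        data_key = secrets.token_bytes(32)          # key that encrypts user data
        self.wrapped = _xor(data_key, _kek(self._device_key, self.salt, pin))
        self.check = hmac.new(data_key, b"check", hashlib.sha256).digest()

    def unlock(self, pin):
        if self.wrapped is None:                    # key already erased
            return None
        return unwrap(self._device_key, self.salt, self.wrapped, self.check, pin)

    def storage_image(self):
        # What a copy of the flash contains: everything except the device key.
        return self.salt, self.wrapped, self.check

    def erase(self):
        # Only the key deletion is modelled; the ciphertext left behind has no key.
        self.wrapped = None
        self._device_key = None
```

With a copied storage image and the correct PIN, `unwrap` still returns `None` unless it is given the original device key, and after `erase()` the device itself can no longer unlock.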