Everyone involved in computer security knows that once someone has physical access, unless all data on the device is fully encrypted, that it is vulnerable. I'm sorry, but this particular "vulnerability" is fairly lame.
No but there is a security hole if you apply a pin and then you can connect a USB cable to it and pull off all the data. What’s the point of a pin.
In your example of botting to a CD...I will agree assuming you set the bios password. The bios password acts like the pin on the phone.
When I reboot I expect the pin/bios PW to stop someone from booting to CD. Just like I expect my pin to not allow someone to have access to my phone by simply connecting to it.
Let me enter a password on my computer, and my BIOS. And I'll step away. Then you can have at it. See if you can copy the entire contents of the hard disk - without opening the computer - in a matter of 30 seconds. See if you can even boot off a CD (which is turned off in the BIOS).
Seem there's no "booting" or "hacking"; it's just plugging the phone in and it appears just like a USB memory stick. All security is bypassed BY THE IPHONE. No need to try to do anything more difficult than insert a cable.