From what I'm reading in that thread there is a danger of damaging the phone beyond repair. What exactly is the risk here?

It's a very small risk, almost nil in the hands of an expert. I'm far more experienced with software reverse-engineering than hardware. Everything I know about hardware RE I've either read, researched, or spoken to someone about. My knowledge (but not expertise by any means) would be in the reverse engineering of chips from China to look for hardware Trojans or backdoors. If you want to learn more about this fascinating new area of security some keywords to search would be hardware trojans, gate-level trojans, gate-level obfuscation, and dopant-level hardware trojans. By understanding how people want to obfuscate and protect their chips from being reverse engineered and copied by China (and other counterfeiters), you'll also learn how people are trying to obfuscate and hide their encryption keys and other security related circuitry as well. When people like Apple make Trust Protection Modules they're just using the same research and techniques as everyone else, they're just protecting something different. If you're not that interested, but still want to read 1 paper, this one is a real beauty. BTW I'm not picking on China by any means, I have a shitload of Chinese friends. China is just in 1st place right now when it comes to reverse engineering (software & hardware). They're leading the world by a lot, and Russia has pretty good techniques too. Both China & Russia are way beyond what I see other countries doing. They have incredible RE infrastructure in place.

It depends on what they want to do. If the technology exists to recover the random encryption key from hardware, well that is the easiest way, and least invasive, and can't fail. If not, they may go for the bruteforce method. They can use a laser to cut certain circuits in the silicon to "re-program" the chip. IE: The circuitry that checks to see if 5 seconds have passed can always return "true", and the circuitry that checks to see if more than 10 attempts have been made can always return "false". They can laser cut so that only a small subset of the circuit is powered on, they can overclock that small section for more speed, there are so many ways to RE a single chip to extract information. Xray's, electron microscopes, and magnetic force microscopes can accurately take "pictures" of the hardware and then allow RE's to either capture data like the master encryption keys.

How many people have successfully done it?

I can't give you a number but every piece of security ever invented (not including symmetric ciphers) has been broken shortly thereafter. Someone invents a new way to shrink transistors, publishes the research, chips come out with it... someone figures out a way to take "pictures" of it sometime later. Someone figures out how to hide information at the doping level and publishes it... someone figures out how to counter that. Almost all techniques used are not invented by governments or hackers.. but by students trying to get their PhD's. The techniques the iPhone uses are similar to other devices like those "unbreakable super secure" USB thumbdrives that "self-destruct and cannot be reversed engineered by any means", which were reversed engineered. It's the old safe-maker vs safe-cracker logic. The safe-maker has finite time and finite knowledge to create the safe. The safe-cracker has infinite time & infinite knowledge to crack it. Any progress made by the cracker cannot be countered or interfered with by the maker because the safe has already been made, designed, and shipped to the customer. The cracker always wins.