Simple hack bypasses iOS passcode entry limit, opens door to brute force hacks

Time is very much an issue, and the ability to set a complex passcode plus the power of exponents makes it so you can protect your data from these types of software bugs and hacks.

The fastest any attacker can ever (destructive hardware attacks notwithstanding) brute force an iPhone passcode is about 1 second for every 10 attempts; this assumes even a complete SEP bypass, or an older (pre 5s) phone without a SEP.

Thus trying every 6 digit pin takes 100000 seconds, or about a day max.

Multiply that by 10 every time you add a digit.

4 digit => ~16 minutes protection
6 digit => ~1 day protection (article claims a week so their attack is possibly almost 7x slower than the theoretical max speed, probably due to the cost of replaying SEP ram to overcome the 10 try limit)
7 digit => ~11 day protection
8 digit => ~115 day protection

Going alphanumeric changes from 10 digits to 36 digits search space (multiply by 36 for each new digit).

4 alphanumeric => 1.9 days
5 alphanumeric => 69 days
6 alphanumeric => 6.9 years
7 alphanumeric => 248 years
8 alphanumeric => 8945 years

Go crazy and add mixed case and special symbols “-/:;()$&@.,?!’[]{}#%*+=_|~<>’ to your random pin and we get maybe about 64 digits, giving us:

4 random typeable => 19 days
5 random typeable => 3.4 years
6 random typeable => 217 years
7 random typeable => 13946 years
8 random typeable => 892551 years

So it turns out choosing a complex passcode for your iPhone is critical if you want your data protected; the default 4 and 6 digit numeric pins are probably the worst options.

Going with 6 alphanumeric (no words just random) or 5 random chars including symbols for a pin gets you 3+ years against a brute force hack. Add an additional digit to either method and you will most likely be dead by the time someone finishes unlocking your device 200+ years later.

/r/netsec Thread Parent Link - appleinsider.com
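The arithmetic in the comment above, generalized as an added example that is not part of the original comment: it computes the worst-case search time for a passcode policy and solves the inverse problem, the shortest length that meets a target protection time. The 10 attempts per second rate and the 10/36/64 alphabet sizes are the comment's figures; the 365-day year and all function names are assumptions made here.

```python
# Added example: worst-case brute-force time per passcode policy, and the
# shortest length that meets a protection target. The guess rate and alphabet
# sizes come from the comment; the function names are hypothetical.
ATTEMPTS_PER_SECOND = 10             # the comment's assumed maximum guess rate
SECONDS_PER_YEAR = 365 * 24 * 3600   # assumption: 365-day year

ALPHABETS = {"numeric": 10, "alphanumeric": 36, "random typeable": 64}


def worst_case_seconds(alphabet_size, length, rate=ATTEMPTS_PER_SECOND):
    """Seconds needed to try every passcode of exactly `length` symbols."""
    return alphabet_size ** length / rate


def min_length(alphabet_size, target_years, rate=ATTEMPTS_PER_SECOND):
    """Shortest length whose exhaustive search takes at least `target_years`."""
    needed_guesses = target_years * SECONDS_PER_YEAR * rate
    length = 1
    # Grow the keyspace one symbol at a time; integer powers stay exact.
    while alphabet_size ** length < needed_guesses:
        length += 1
    return length


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    for name, size in ALPHABETS.items():
        for length in (4, 6, 8):
            print(f"{length} {name}: {humanize(worst_case_seconds(size, length))}")
        print(f"  -> {min_length(size, 100)} {name} characters for 100+ years")
```

These are worst-case figures for a fully random passcode; on average an exhaustive search succeeds after half the keyspace.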