A German research group has found a series of flaws in the way an iPhone handles an iCloud-triggered wipe. Be sure to watch the short video as to the chain of events, because it’s quite ingenious.
However, it bears pointing out that none of these flaws are new to the iPhone 5S. Though it’s under the title “Spoofing Fingerprints”, and they use a 5S to demonstrate the issues, this same series of events can occur if a passcode is known on any other device. If someone has physical access to a device and they have a lot of time, the likelihood of its data remaining completely secure is low.
The recommendations provided by the research group, however, are sound. An iOS device flagged for wiping should not be able to receive email.