Okay. Additional report on Crave confirms that this attack is against poorly implemented crypto ["Crypto is harder than it looks." --Bruce Schneier. "People do not break crypto; they bypass it." -- Adi Shamir.] intended to protect data stored on the iPhone from someone who has possession of it. While the details of this attack will eventually leak and will be available to someone who targets data on a particular iPhone, it does not mean that just anyone who finds your iPhone will be able to recover your contact list.
Originally Posted by whmurray
There is a secondary mechanism intended to resist recovery of such data. This measure is intended to permit one to remotely erase the data on a lost or stolen iPhone by sending it an "emergency erase message." However, this mechanism can be defeated by removing the SIM chip before the message is sent. Therefore, if your phone is lost do not wait to send the message; you will only lose data entered on the iPhone since your last sync.]
[Note to developers. "There are an infinite number of ways to implement crypto, most of them weak." --Jonathon Oseas. Implementing crypto is not a job for amateurs. If Apple cannot do it, neither can you. Get help from a lab that specializes in crypto and enjoys a reputation among cryptographers.]