That's some twisted reasoning. First of all, we know for a fact that not all changes were reported by Apple. There are several visible changes that don't show up on the change log. There are also several apparent bug fixes that don't show up on the change log.
Second, we don't know that crashes can be used for exploits. In the report you are talking about (http://www.securityevaluators.com/iphone/) they are clearly speculating; the actual exploit they reported had nothing to do with crashing. I've seen no proof that a crash can lead to arbitrary code execution, and if it's using protected code pages it seems that it can't.
What they say is:
"Is it likely that there are other vulnerabilities in the iPhone?
It's a near certainty. For example, every cause of Safari crashing on the iPhone is a potential vulnerability. And getting Safari on the iPhone to crash isn't that hard. Additionally, it's likely there are vulnerabilities in the other iPhone applications as well."
The actual "arbitrary code" thing is arbitrary web page code that gets executed without you intending - and that was supposedly fixed.
You say you are "assuming" but you originally stated your assertion as a fact. But this report says nothing about crashes resulting in arbitrary code being run, says nothing about root (though i've seen that referred to elsewhere), and the published exploit has nothing to do with crashes or root.
Arbitrary code execution is not arbitrary javascript execution
And you said you were a professional!
Surur