This is a good point. But I am not sure they have demonstrated that they can crack a G4 wide open. They were able to access DCIM folder, which is very accessible by design. Even if they were able to bypass whatever protection this folder has ("password was disabled"), it is still far from wide open.

They might be able to do what they claim, but not much was actually presented.