The video also doesn't consider that Apple has been pretty (good) annoying about enforcing security questions. It really, really, really wants you to add them, and it bugs you a lot even as you set up iOS 7.
Even if you get your password reset link, you have to answer security questions. That would stop the guy dead in his tracks, and leave the iPhone useless once again. (The data is still compromised on the device). Apple is even smarter with two-step, because resetting your password means you need the recovery key (it doesn't even initiate an email).
I don't think the temp/perm lost mode matters. Instead, what matters is Apple warning people (as they suggest) to reset other account passwords that may be on the device. (And, they already have the lost mode vs. erase iPhone, so that really is your temp/perm scenario.) So, when you initiate erase mode, it should say "Apple highly recommends changing passwords to all accounts associated with your device, including email and social media accounts."
Not saying this isn't legitimate at all (it is). There is a way to gain access to your device. That's the part Apple can't easily fix without destroying user experience.
This ONLY works if you:
1) Lose your phone
2) Get your fingerprint taken or passcode snooped
3) Don't change your email password when the device is taken (you should, and Apple should remind you)
4) Don't have security questions (which Apple basically requires you to have now) OR don't have two-step.
So, basically, if you're at the bottom of the bottom security wise, you would be vulnerable ONLY IF all those conditions were met. And, if you're not even worried enough to enable two-step or security questions, then perhaps you aren't that worried about people taking your data. Now, with 700 million phones, many people are at the bottom level. Perhaps Apple can start requiring security questions or the account gets disabled. Or, require them to set up an Apple ID on a new device, no questions asked.
Something else that's new was Apple requiring security questions to make your first purchase on a new device. I had to reset my questions since I didn't remember them, so I know that's new within the last year. Once again, another layer of security. And, it reminded me to enable two-step on the Apple ID I use for purchases.
The other issue: Apple doesn't remind you to add new phones as verified devices when you buy them. That's a bit of a silly move.