One thing that I think they worded interesting is this bit:
Apple has no way to decrypt iMessage and FaceTime data when its in transit between devices
I read this as it's encrypted when I send and when the other party receives it, however, for that time that it's sitting on an Apple server, it's readable.
I believe that you misunderstand it, but it's also possible that I do. But I don't think so.
My understanding is that Apple intermediates the setup between the two endpoints but is then not involved in the subsequent messaging. The messages (FaceTime or whatever) are encrypted with ephemeral (transient) keys established during the setup, and known only to the endpoints. So the messages travel encrypted end-to-end and Apple does not have the key. Only you and the recipient have them.
Another possible way to do this would be for the traffic to be encrypted using one key between you and Apple servers, and then re-encrypted using another key between Apple servers and the destination. In this scenario, the messages would be readable while on the Apple server during the intermediate phase. Apple has specifically said that this is NOT what they do, despite some obvious operational simplicity.
In the interest of full disclosure, I must point out that some security analysts have pointed out that there is a possibility in this scheme for Apple to subvert the key-agreement process and obtain a copy for itself of the agreed key. I agree that this is possible but Apple has unequivocally denied that it does this, and I am prepared to accept that assurance. If we accept that as true then there is never any "readable"(plain-text) copy of the message except at the source and destination.
and their transparency, as Cook said on Charlie Rose, they are being more open then in the past.
