I'm not so worried about what FBI is doing. I am more worried about the exploit being used by criminals.
In my mind there is a fundamental difference between being able to hack into a phone you have physical possession of; and that requires disassembly of the device, and removal of motherboard components - and being able to hack into a phone remotely; by means of covertly installing some piece of software, etc.
I don't worry about Russian criminals getting physical possession of my phone. Because I'm unlikely to leave it on a bus, and even if I did, the payoff for anyone finding a phone in such circumstances would be such that they would be extremely unlikely to expend the time and effort to open it up on the tiniest off chance that it might contain some information they could exploit for profit. If my phone is lost; it gives to the user time to remotely erase or otherwise disable it.
Maybe that should be the "reasonable standard" for smartphone encryption protection. A device that authorities actually have to have within their possession, and that requires a time-consuming and (presumably) expensive procedure to unlock. Versus something that can be done over the internet at essentially zero marginal cost.