I'd say that's a rather extreme statement. You do realize every Mac Apple sells ends up with admin privileges by default, don't you? There may be more Apple can do with that, but most of what anyone would care about on the phone needs to have their permissions anyway. It's not really the kind of device for multiple users. And most people aren't even going to password protect the device. So everything that could be stolen would be available from anyone who stole or found the phone. When you hear people talking about needing to lock down the iPhone to security levels below administrator they're not rally providing any constructive advice. Admin doesn't give anyone root access to the phone. It just give someone the user name of an admin. They'd still need to crack the password.
As it's been said before, this sounds like standard buffer overflow exploit (or maybe more hype than anything). Locking down the user account to a non-admin would still have read access to all of the files they're claiming access to.
An example of why having admin privileges running everywhere isn't good. Safari runs as admin. I break into Safari, and inject my code. I now have read/write/execute access to pretty much everywhere. I can do the following that I couldn't do without admin privileges:
1) over-write contacts with spam. Or perhaps just change contacts subtely so that the user doesn't notice it, and then when they are synched, they don't stop the iPhone from syncing those changes. (i.e. changing telephone digits by one digit)
2) Change configuration files. This can be done either a minor, harassing manner (constantly reset default ringtone), or in such a way that the iPhone is "bricked" until a restore is done.
3) Delete other programs.
A true security researcher could probably think of more... I'm a mere software engineer and news/rumor editor. But those should be enough to point out that admin privileges should only be given when necessary and never by default.