And this means the passcode has to be broken on the device. The key is generated from the passcode and the other keys you mention via PBKDF2, which slows down the cracking process. You also have to have a non-destructive jailbreak or Apple's update-signing key to do the cracking.
I'd recommend using a longer passcode. If you don't want to use the keyboard, choose a long number for a passcode and you will still get a number-pad when entering it.
Another loophole to be aware of is the "escrow keybag". If you're paired with a laptop, there is a file in /var/db/lockdown that can work in place of the PIN (the device can decrypt the escrow keybag with #2 and #3 above and use the keys therein to decrypt the files it needs). Apple did this to allow backups without unlocking the device.
I'd recommend using a longer passcode. If you don't want to use the keyboard, choose a long number for a passcode and you will still get a number-pad when entering it.
Another loophole to be aware of is the "escrow keybag". If you're paired with a laptop, there is a file in /var/db/lockdown that can work in place of the PIN (the device can decrypt the escrow keybag with #2 and #3 above and use the keys therein to decrypt the files it needs). Apple did this to allow backups without unlocking the device.