Technically, this does not absolutely have to be a SEP vuln. It's possible that the PIN is being stored (not properly zero'd-after-use) somewhere outside the SEP, i.e. a pinpad entry buffer or something. Often criminals do not think of, or are unable to, turn off their phone when being arrested. Furthermore the iPhone battery is not removable and some portions of its DRAM - in theory anyway - could persist even when the phone is "off". Apple has (or at least - prior to public outrage - had) a fairly loose definition of "off" for other aspects of the system, such as bluetooth.