iPhone passcode security
One a malicious individual has physical access to the hardware, any protection becomes meaningless, security-wise.
If an attacker had the time and resources, they could circumvent any UI-based security by removing (de-soldering) the flash from the logic board, connecting it to another system, and reading any data off them. Only full-disk encryption would block that, but, given physical access and/or time, that's defeatable, too.
Just as locks do not work to deter a trained safe-cracker with physical access to a safe, the passcode lock is sometimes amenable to cracking with the correct forensic tools.
Having a passcode lock makes it so much harder to break into a phone (beyond the obvious knowledge, time, tools) since you can't run arbitrary programs while the device is in a locked state and on all but the oldest devices, data protection makes it harder to read or write to the encrypted contents and bypass the OS protection.
Unless you are a target of government or corporate espionage - setting a passcode and instructing the device to wipe itself on repeated failed attempts is quite secure in practice. If you are a target - you better hope the rest of your tracks are as well covered as iOS is.
Using the 4-digit standard numeric passcode on an iPhone can be cracked in 45 minutes or so. Adding an advanced passcode is a better, yet not fail proof option. Law enforcement has been doing this at an increased rate as of late. Software like Micro Systemation is often used to crack these 4 digit combinations. Or they may be relying on certain insecure, older versions of iOS to reset the password. It's also possible they just put the iPhone in DFU mode, restore it, and give it back without any data! :)
As stated above, given time and physical access, you can be hacked. Here are some links for food for thought:
https://securosis.com/blog/defending-ios-data-ios-security-and-data-protection
http://anthonyvance.com/blog/forensics/ios4_data_protection/