For some people (upper management, dissidents and the like), secure communication is not sufficient, they also need the phone to remain secure if it is lost or stolen. If having posession of the phone is the only thing that stands in the way of rooting it using this exploit, it is a serious flaw indeed.
And how many more are there?!
This is the one found small company in spare time. Imagine theb NSA or large zero-day companies, if it ever become worth the trouble because high-worth people start trusting it.
They have declared that their “transparency” policy means (a) some other critical bugs are there but you don’t get to know; (b) they will never let third party review crucial code