There are definitely more shades of grey. On my iPhone, I can select a close contact to be able to overturn my protection, but this contact needs to have security features turned on, too. So Apple staff cannot do it, only a non-publicly-known person who has 2FA and encryption themselves. Add time delays, notifications, identity checks and more to it, and you can make this process reasonably secure while still ensuring recovery.
[deleted]