But that's simply not entirely true. The encryption keys for the phone's data reside on the phone and are only available with the PIN/password.

Apple does hold the keys for software updates, which can be pushed without user approval. Maybe that's what you were referring to.