You can use a longer alphanumeric pass code if you'd rather, it's an option in settings.
As with all security convenience is played off against security. For most people (who in reality aren't likely to be targeted by such an attack and aren't storing much in the way of critical data on their phones) a four digit pass doesn't seem completely unreasonable.
On top of that, a lot of companies have the requirement that once you hook up your corporate exchange to your iPhone, you have to have a >4 digit password (as in the iPhone forces you to change to a longer password)
Exchange can also enforce a shorter time limit before the phone auto-locks. One of the reasons I was glad to dump the Exchange account from my phone when a client project ended.
You can use a longer alphanumeric pass code if you'd rather, it's an option in settings.
As with all security convenience is played off against security. For most people (who in reality aren't likely to be targeted by such an attack and aren't storing much in the way of critical data on their phones) a four digit pass doesn't seem completely unreasonable.