CSAM scanning is probably the easiest thing they could do to satisfy this demand, and if you don't use iCloud Photos, you're not affected by it at all.
As far as encrypted backups go, it's an open question whether they want to deal with the legal and support headaches that such a change would bring. If they continued to do nothing, Congress might force their hand by legislatively outlawing stronger encryption - they had to shit or get off the pot.
For users, if you enable this feature, but then lose your password, you are entirely screwed and Apple can't help you. Encrypting "In-transit" as a middle ground is likely good enough for most people, until researchers manage to come up with a better solution.
First, while the "Erase after X unsuccessful attempts" feature exists, I've never used it and really don't recommend anyone else do so unless you are exceptionally careful.
Second, my comment was meant in the context of iCloud - if you don't enable the feature as described, Apple may be able to decrypt and recover something, but if you do go all the way to the logical end, yes, you're out of options.
My point is, Apple has already crossed the rubicon of allowing users to lock themselves out of their data. On an iPhone, regardless of auto-erase settings, if you lock yourself out, Apple cannot help you.
Especially on Apple devices. You cannot just reset the device if it was ever associated with an account and you don't know the password anymore. You must contact Apple support. Some people still want to employ Apple devices in a business environment.
The amount of money that is spend on their devices is just insane.
As far as encrypted backups go, it's an open question whether they want to deal with the legal and support headaches that such a change would bring. If they continued to do nothing, Congress might force their hand by legislatively outlawing stronger encryption - they had to shit or get off the pot.
For users, if you enable this feature, but then lose your password, you are entirely screwed and Apple can't help you. Encrypting "In-transit" as a middle ground is likely good enough for most people, until researchers manage to come up with a better solution.