The flash is not wiped after 10 attempts. The key is thrown away after 10 attempts, and it's stored in the secure enclave. So flashing the memory to its last state does nothing, it's not even necessary. The actual key to the files is made of Device-ID (can't be read, binds any attack to the device) + random key (can't be read, can be securely thrown away) + file-specific data (so you need a different key per user file) + the users passcode (only component not on the device). It's a very elegant system actually.
