To be clear: these are phishing techniques. They aren’t breaking the encryption, they’re getting the user to let them in.

I don’t think it’s just the backups. Apple’s site says it’s things “such as” wallet, notes, photos, documents, bookmarks, reminders, voice memos, shortcuts, messages backup, and device backup. The such as seems to imply there’s more.