Lynn's statement would tend to make one believe that this is yet another example of a vulnerability that is awaiting an exploit, not one that has yet to be discovered -- a sort of Sword of Damocles, if you will...
I think he's just pointing out that the risk assessments of many network operators are way off. Some postings to this list certainly suggest that. Too many people seem to have forgotten the work done by Phenoelit. Maybe their exploits leave something to be desired, but, as the saying goes, attacks only get better. In other words, it's not about a single vulnerability. It's about a widespread belief in the invincibility of IOS. And, to be honest, I'm scared how many people subscribe to that religion. Such irrationality puts networks at risk, far more than any single vulnerability could.