What should be expected from a factory reset?
To me, this article is similar to one that says, "File deletion fails in all versions of Windows and Linux because deleted data can still be recovered in 90% of cases." Yes, we knew that. It's because the file delete function was never *intended* to prevent data from being forensically recovered.
Similarly, unless the manual clearly states otherwise, I have always expected a "factory reset" operation to behave similarly to a "file delete" operation, in that it makes the phone *appear* to the normal user to be the same as when first sold, but I have never assumed that it did so by *wiping* any data, any more that a re-install of the OS will get rid of data you have on your laptop's HDD (which is surely analogous to a "factory reset").
In fact I would not even assume that data held on a user-supplied SD card will be deleted or made inaccessible, because that card was not a part of the system when it left the factory. (Though I would not assume that it will *not* be deleted either).