Well, since the encryption was only meant to abstract the data on disks for RMA purposes and was not designed to render deep-level hacking to retrieve the key, I think it "works as designed".
I agree that it would be nice if the functions were more hardened and such, but since that wasn't the purpose (and the devs aren't particularly well-versed on solid security practices with regards to encryption via geli) they don't have much experience to provide. If you have code improvements that would make it more secure I'm sure they would be appreciative! Nobody has audited the encryption that is used in FreeNAS afaik, so it's a "take it or leave it" situation.