That protects the confidentiality of anything you had on the phone prior to installing the app. It doesn't do anything for the confidentiality of what you do on the phone after installing the app.
So, I'd say it mitigates but does completely eliminate the security concern.
A scenario where there is a real security concern with an app doing this (not this app, as it makes clear what's going on, but a malicious app using similar powers)
the OS installed would look just like the stock OS, except it contains hidden capabilities the user doesn't want (spying on them, leaking passwords, posting unappetizing food photos to Flickr, etc.)
in order to escape detection, you'd have to target people's early use of the phone - convince people to install it as one of their first actions with a new phone. Then hopefully, they haven't put too much data into the phone, and might chalk its loss up to OS updates going badly or something.
The latter point actually might not be that hard - for instance, monitoring a user's social network activity for the first "posted via twitfacespace for Android" status.