I agree with you. Characterizing that your phone is still usable by you (and could be used by attackers through you by forcing you to follow their instructions with your phone) as an 'attack' is nutty, and people attacking GrapheneOS on this point are out to lunch.

I'm also glad to hear that duress passwords and dual unlock (fingerprint + pin) are coming.