Honestly, if people use that method and not check the actual contents of the file and just assume something is secure, I still wouldn't blame the devs that hard. If someone tells you MD5 is a secure encryption method, would you believe them and use it? Or check what it does and find that its merely a hashing algorithm?
I've seen the "_secure" features, tested them out, noticed they weren't as secure as one might think, and decided not to use it for that kind of data.. Even if you would store some data encrypted on someones machine / phone, if there's no password / authentication involved its still as secure as plain text (given the fact your decryption logic is inside your application, as is the decryption key - as YAL stated as well).
Some application getting access to your stored files for your game would also require another hack to get out of the application's sandboxing on phones. On PC's it might be a bit different, but hey, thats basically called malware. So I dont think the problem is _that_ big.
But, agreed, it is a security issue and the docs should be updated :+)