Given the reaction of Intel and AMD, there is just no interest in making something truly secure. This is why at least in the Privacy community we should never rely on things that happen unencrypted server side 
Particularly difficult with : AI, e-mails, Calendar and Contacts ..
Yes, these attacks require physical access. But that’s exactly the threat model secure enclaves are supposed to secure against.
I think the problem is that people want to use them for both securing against physical attacks AND preventing the extraction of private keys by malware/apps/OS.
They should still be suitable for the latter. Concerning though nonetheless.
I was just trying to make this point in Cupcake (Hardware Wallet?) - #3 by jonah actually (that the physical security of the phone being used is not of the utmost importance in that scenario) but I don’t think that point landed there.