Is it possible to get the hash and salt off the device while the phone is still locked and not in developer mode? If not this doesnt seem too serious as a security risk.
If you can grab the phone while it's unlocked (steal it off a table when someone walks away, within the lock timeout window), you can grab the PIN before the phone locks itself and have the PIN forevery after that (or learn the PIN to change the PIN).
You can steal a phone regardless, but if the phone ever locks the screen, you're now locked out.
You can root the phone from a sdcard and then have access to it. You'll need root rights anyway to access the hash and salt. This might not work with every Android version.
