In my limited knowledge, for whole device encryption to remain secure at rest, every usable data sector has to be encrypted. Even if there's no currently valid content. So, for a nominal ~32 GB /data partition, every sector should have pseudo-random bits written. Not the default 0xFF or anything else leftover from before encryption.
This writing of all sectors, to be done separately for each device during manufacture, would take significant time. It is unclear if all devices share the same encryption key used for the initial encryption at the factory.
If the encryption key used in the factory is not unique for each device, then the encryption is compromised. Because an attacker can buy the same product and perform pattern analysis to discover the key. And that key remains invariant across all same-model devices sold. Plus, it would seem, that key does not change no matter how many times a customer performs factory reset or changes the lock (PIN, etc.).
If there are no trust issues to ponder concerning Flash, then why not allow each device to be fully re-encrypted by the customer? It's like a PC vendor saying you're not allowed to low-level reformat the D: drive.
I am not saying there's nefarious purpose on the part of Flash. But if I am not reassured by being able to fully re-encrypt every used & blank data sector, then either blissful ignorance or willful negligence remains a consideration.
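The post's distinction between erased sectors (0xFF) and sectors holding pseudo-random bits can be checked on a raw partition image. The following is an added example, not part of the original post; the 4096-byte sector size, the 7.5 bits/byte cutoff and the sample image are assumptions constructed for illustration. High entropy only shows a sector is not blank or plaintext; it says nothing about which key produced it.

```python
import hashlib
import io
import math
from collections import Counter

SECTOR = 4096        # assumed block size; adjust to the device under test
MIN_ENTROPY = 7.5    # assumed cutoff in bits/byte; random 4 KiB blocks score ~7.95

def entropy(block: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(block: bytes) -> str:
    if block.count(0xFF) == len(block):
        return "erased_ff"          # flash erase state, never written
    if block.count(0x00) == len(block):
        return "zero"               # zero-filled or discarded block
    return "random_like" if entropy(block) >= MIN_ENTROPY else "low_entropy"

def scan(stream, sector=SECTOR):
    """Return (counts, runs); runs are (start_offset, n_sectors, label) for
    every contiguous stretch that does not look like ciphertext."""
    counts, runs, offset = Counter(), [], 0
    while block := stream.read(sector):
        label = classify(block)
        counts[label] += 1
        if label != "random_like":
            if runs and runs[-1][2] == label and runs[-1][0] + runs[-1][1] * sector == offset:
                start, n, _ = runs.pop()        # extend the adjacent run
                runs.append((start, n + 1, label))
            else:
                runs.append((offset, 1, label))
        offset += len(block)
    return counts, runs

def sample_image() -> bytes:
    """Constructed image: 3 ciphertext-like, 2 erased, 1 plaintext, 1 ciphertext-like."""
    def rnd(tag):  # deterministic pseudo-random sector (SHA-256 over a counter)
        return b"".join(hashlib.sha256(b"%d:%d" % (tag, i)).digest() for i in range(SECTOR // 32))
    text = (b"leftover plaintext record\n" * 200)[:SECTOR]
    return rnd(0) + rnd(1) + rnd(2) + b"\xff" * (2 * SECTOR) + text + rnd(3)

if __name__ == "__main__":
    counts, runs = scan(io.BytesIO(sample_image()))
    print(dict(counts))
    for start, n, label in runs:
        print(f"offset {start:#x}: {n} sector(s) {label}")
```

To audit a real device, pass a file object opened on a raw image of the partition (the ciphertext side, not the decrypted mapping) to `scan`.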