Any modern Android is encrypted at rest, but if your phone is taken after first unlock, they get access to the plaintext storage. That's the attack vector.

A passphrase can be long, not just a short numeric PIN. It can be different from the phone unlock one. It could even be different for different chats.