My concern is related to this:
Where did you get the information, that the modem will be exposed via USB (even when unlocked) from? The modem is connected via USB to Librem’s 5 board, it will be possible to connect a PC via USB, too. Some software could certainly provide some kind of connection between the two, but I don’t think it has a high priority. If someone decides to create such a software, it’s up to those developers to respect the lock state (but if the modem or the phone is switched off, they still cannot do anything).
I have seen differing opinions on this problem, but I have found Johannes Ullrich at SANS to be pretty level-headed about security issues. You may want to listen to his comments on this issue here. They start at about 2:00 in the podcast.
He also provided a link on that web page, but it goes to the database of vendors and images. You may want to go directly to the researchers’ homepage. There is an introduction there, along with a link to the original presentation/paper.
I think the key point raised by @bwildenhain is that the Librem 5’s architecture is closer to that of a laptop with a cellular modem card installed than that of other smart phones. Therefore, Purism (or, indeed, the end user) gets to decide what interfaces it exposes on the external USB port.
Allegedly, support for AT commands is a certification requirement imposed by carriers, which might explain why other phones implement it. But the Librem 5 pushes the responsibility for cellular functionality and compliance into a self-contained, pre-certified module, so presumably only that module needs to comply with any such requirements, not the whole phone.
If this is the case, not exposing that AT command interface externally is all that has to be done to harden us against this attack.
My suspicion is that between this and likely weakened encryption, Android and iPhones remain succeptible to cellebrite type attacks.