Wut?
In a large system there can be a HSM. Those are typically only used to store keys rather than perform any authentication steps such as salting and hashing. But they can be used for that. And even large systems without HSMs can have strong security for that step, for example storing salts in a separate secure database firewalled from any other system except for the hashing system.
The caveat with the larger systems is they are comprised of general purpose operating systems, with the exception of the HSM. Those OSs can be hijacked or reimaged to provide a back door. Yet they are considered secure and very often are. Attackers are left with social attacks on the human weak link. Thus if those systems can be secured, an iPhone can also be secured.