I don't think you considered the depth of the question: what is the risk? Could your device contain credit card information? Could it have your social security numbers? Could it have a way to access your bank account? Your retirement accounts? Your brokerage accounts? A lot of your personal finances could be at risk. Are you wealthy enough to be worth kidnapping, and if so, could the device provide access to your family's panic room, or to your alarm system? What about medical information?
My device *could* also be used as a sex toy, be implicated in the murder of someone by blunt force trauma, or contain state secrets. Why not rephrase the question, rather than asking "could" it contain, ask "does" it contain.
Now, divide by the likelihood your device will be compromised - you might estimate that tens of millions of devices are recycled each year, and you might figure a hundred thousand are handled by people who would like to steal from them, giving you roughly a 1 in 100 chance of having your device compromised. Would you bet the information above on those odds for $300?
Yes, because your hypothetical doomsday scenario doesn't apply to the device. Now lets look at something more realistic. The vast majority of devices will leak personal information. It has my name and address, it has nickname and email accounts. Would I risk a 1 in 100 chance despite how unrealistic the thought that there are 100,000 people out there trawling for used devices for the purpose of theft? Yes I still would because I don't place value on the information on my phone when weighed up against the risk.
Maybe you don't think you have very much worth stealing. Perhaps you're young, and don't have a retirement account, and not much in the bank, so your financial risk is only $1,000. Maybe you don't see any risk at leaking your health data. And maybe you're supremely confident in your abilities to wipe the flash RAM. Good for you, take the $300 and spend it. For you, it's a solid bet. For those of us with more at risk, it's not such a sure thing; even if I am confident in my skills at wiping these devices, what if I make a mistake?
Actually it's far more simple than that. What is highly sensitive information doing on your phone to begin with. And more to the point why did in the TFA they identify photos of the owner's "manhood". I'm no more confident in my ability to wipe my phone than you are, but judging your post I feel far more confident that I don't need to wipe my phone quite as thoroughly as you do.
I'm more questioning what the hell it is you people do with your phones!