ECC itself is a really great encryption system, because it encrypts much stronger than classic algorithms at a much higher speed/throughput, which means you get much better encryption at no loss of CPU time.
Incidentally, one of the other (previous to the more recent revelations) criticisms of NIST P-256 was also that it was unusually slow. Far slower than traditional log-style system with similar security levels, in fact. I'm too busy to look up quotes on that right now, but...
I'm overall somewhat dubious about ECC itself right now. I wouldn't say the whole system is flawed, but I'd basically echo what Bruce said above... Hidden curves aren't good, as you can unravel the whole stack. And, they're extremely susceptible to problems with pseudo-random number generators, so... Caution is warranted.
I mostly just found it interesting that iOS in general and the iPhone 5S in particular has such an exquisitely designed security system (just one example, every single file on the NAND is encrypted with a separate and distinct key)... But then over here is this brand-new cloud system and it is using NIST P-256? Really? Now?
If it was last year, I'd say... Okay. But to launch it now?
Just odd. It could certainly be, however, because hardware/OS guys are on one side, and Apple keeps their server-side guys in a basement on the side and doesn't let them play with the cool people (which explains their aptitude with online services generally as well). But... It is a bit odd, to say the least. And I would NOT use iCloud Keychain.
I usually visit the C3 congress in december (since it moved to my city at the very least), which typically has at least a couple of talks about encryption security, where these issues were brought up last year.
I'd love to go sometime. Jealous.