The message encryption is not done by the elliptic curve when using ECIES,
conventional encryption such as AES is used for message encryption.
This is probably what gmaxwell is referring to. If AES is broken so is ECIES. In other words, the security of ECIES is dependent on the security of EC discrete logarithm problem as well as AES.