It's worth pointing out that iPhones are not designed to be highly secure. Apple has quite deliberately designed and marketed them as consumer devices, declining to officially enter the "enterprise" market. This lets Apple ignore several of the thornier security features of devices like BlackBerries, such as remote erasure of data. A 4-digit PIN is obviously not intended for high security, and even that is awkward if you use the iPhone many times a day (as I do).

Unfortunately, it also means Apple sees no need to provide strong security on the iPhone. At this point, the thing I miss most from my Treo is the Palm version of Web Confidential. One possibility is to create a web page of passwords, protecting it with SSL/TLS and a strong password (and likely IP restrictions to my home and work networks as well). For ease of adding/updating passwords, it could be a private wiki. Hopefully Web Confidential or something else will be available for iPhone (and Apple won't effectively block it) before I find myself installing a wiki on www.reppep.com.

Since there's no cryptographically protected keychain, I seem to be stuck without IM. Apollo IM, at least, stores the password in its binary configuration file, so Apollo IM is no longer on my iPhone. In addition, hahlo.com, itweet.net, & ipheedr.com all stored my password in plaintext in ~/Library/Cookies/cookies.plist on the iPhone. I deleted the cookies and won't be going back to them. Fortunately twitter.comand m.newsgator.com at least avoid plaintext passwords in cookies...