The Help Net Security site details some security vulnerabilities that exist in the current iPhone email and web client software. These include the email client not showing the URL of an embedded link, making phishing attacks easier, and the ability to get the phone to dial from a web link or Java script - although the user is prompted to confirm the connection.
Check out the article for more information.
