6. Hide sensitive data in plain sight. The iPhone has no device-wide data encryption. It does support encrypted databases, but the inconvenience of having to unlock the data every time you want to read it may limit your use of it. As an alternative, hide some of your most sensitive data in plain sight by scattering it across nonobvious places, like your iPod library and browser bookmarks. Embed what you really need to protect in nontext form, such as buried among lots of images or audio, to avoid discovery by string scanning of your desktop or firmware. As a bonus (or not, in some cases), using iPod files syncs your secrets across iPod, iTunes, MobileMe, and AppleTV.
7. Use FileVault on the Mac or EFS on Vista. On a Mac, create a separate user account with a strong password, apply FileVault protection (using System Preferences), and activate and manage your iPhone exclusively from that account. If you never leave that account logged in, you can reinforce other desktop protection methods or skip them entirely. On Windows Vista, consider using Encrypted File System (EFS) to encrypt the entire iTunes file tree. Neither of these methods protects data on your iPhone, but each does guard against insertion of doctored firmware or simple copying of data.
8. If you use the iPhone professionally, use Exchange Server for its back end. Exchange Server keeps backups of all messages and mail settings, and most important in my book, it supports remote device blanking. In fact, Exchange is the only way to blank a remote iPhone. One drawback of remote blanking from Exchange Server is that it takes several hours -- eight, by Apple's estimation. But because the mail client is always running, a remote blank can only be circumvented if the thief is smart enough to disable your Exchange account before you discover your iPhone is missing. That's something he can't do because, of course, you've PIN-locked your device. Make sure that you or your IT department knows how to blank your device, and don't be shy about triggering a remote blank even if you just suspect your device is missing. You can always recover your data if you find your device.
Several service providers offer hosted Exchange Servers for a small monthly fee. Call to make sure that the provider offers either Exchange Server 2003 with mobile extensions or Exchange Server 2007, and ask whether users are allowed access to Exchange Server's management console. Without management console access, you can't remotely blank your phone.
Apple designed the iPhone as a consumer device, so it's heavy on convenience and light on security. If you want protection, you have to accept some pain. Fortunately, it doesn't take a lot of time or tech savvy to keep what's in your iPhone for your eyes only. The oft-repeated recommendations alluded to in the beginning of this story are all worthwhile, but if you augment them creatively, you'll befuddle the bad guys with techniques they hadn't considered and that don't yield to automated cracks. Never overlook unorthodoxy as a means of protection.