Over at Macworld.com, you can read my rundown of what Apple's done right and wrong with securing data in transit from the iPhone over Wi-Fi: The iPhone is, so far, widely regarded as a tremendously secure device in terms of putting data on it, and it's ability to be updated as exploits or other bugs are revealed. But once data leaves the iPhone, or is en route to it, the picture changes entirely.
In brief, Apple doesn't provide tools that make encrypting traffic over services other than email a reliable, consistent, and straightforward affair, despite their success in building such tools into Mac OS X. This includes a lack of a globally configurable Web proxy; Apple bizarrely set it up as a per-network option. Apple did, however, make its four branded email connection partners--the ones with logos and automated setup--default to SSL for POP, IMAP, and SMTP, and any new email connection you add tries to use SSL for its connections, too.
Apple's VPN implementation is rather slim and buggy. The only time I've crashed the iPhone so far was when trying to re-establish a VPN connection. Boom, went the iPhone, but it restarted just fine. I report on two separate bugs in password handling, one reported to me by a rent-a-VPN firm. The VPN password is sometimes forgotten, and if you've chosen to enter the password each time, the keyboard presented is a dial pad (numbers and some punctuation) not a full keyboard, making it impossible to enter a strong password.
Apple notes on their Web site how they only support the most basic versions of PPTP and IPsec/L2TP connections: PPTP plus a password, and IPsec/L2TP plus a shared secret and password. Two-factor authentication where you use a token (a key fob or other card) that generates a timed password isn't supported, and that's a must-have for many corporate networks.
All the problems and frustrations I document in the Macworld.com article can be fixed through software updates.