With the latest iOS 4.1, it appears that Apple has opened up a small security vulnerability: the iPhone's passcode no longer works as it should. If you input a random number in the emergency call field, press call, and then promptly hit the hardware lock button, you will gain access to the Phone app. The issue occurs on all iPhones that can been upgraded to iOS 4.1; the iPhone 3G, iPhone 3GS, and iPhone 4 are all vulnerable.
In other words, even if your phone is locked, you can make non-emergency phone calls from it. This could be easily abused by thieves who use your phone to make expensive calls right after they steal your iPhone. The hole also grants the user access to favorites, contacts, recent calls, and voicemail. Additionally, selecting "share contact" and then the camera icon will give you access to the photo album. Furthermore, if the user holds down the menu button he or she can gain access voice control and play locally-stored music. Here's a video from Boy Genius Report showing the issue:
We expect that Apple will have a fix available by iOS 4.2, though there's no date for that release yet. Currently, the 4.2 beta still has this problem since it has only been recently discovered and sent as a bug report to Apple.