Working for a F100 financial company and having all the standard regulations (FINRA,SEC,HIPPA etc) it's really about the management of the devices and security policy (encryption, encryption of removable storage etc) nothing even comes close to what BES provides you.
With Blackberry, you can get all kinds of reporting detail and lock down practically every function if you choose.
With iPhone you have a subset of ActiveSync and can remote kill, enforce password/timeout. There is no reporting unless you are good at parsing out IIS logs.
There is also the ability to circumvent your ActiveSync policy via Jailbreak and loading a easy to find app. So it's really not a secure device if that is a concern.
I'm hoping someone comes out with a solution to manage the iPhone as without these things it's impossible to consider any deployment beyond a device here and there.
Also keep in mind the new regulation taking effect 1/1/2010 that requires mobile devices to be encypted (MA,NV,Washington,CA,MI) - presently there is no way to encrypt the iPhone and speaking with vendors in the Forrester "magic quadrent" for encryption no one has this on their roadmap, doesn't help that Apple refuses to release the API for this.
Apple wants to control the iPhone and have it feed the iTunes/AppStore Ecosystem.