I think this all depends of the level of paranoia.
If we're talking about device security, enable password and setting a reasonable timeout of 5 or 10 minutes should be good enough for anyone. You can also enable Content Protection and encrypt the media card.
You can also get third party applications that can secure your applications and prompt you to enter a password when launching it.
Exchange 2007/BES 5.0.2 MR2