Originally Posted by penguin3107
If the encryption keys are based on the device ID as opposed to the handheld password, then this vulnerability goes away.
100% agree , no question about it. Problem is when a security feature is exploitable (which is rather common in the software world and nothing close to the drama some posts in the thread made it to be) the solution is vendor acknowledgement and patching of the vulnerability rather than the user running in circles trying to protect themselves from a poorly executed implementation.
You and i and some thousands of forum users may be some technically inclined. That doesn't extend to the whole of the platform's userbase.
The "vulnerability gone away" solution should only come down through the official vendor channels that manage the codebase of said software. In this case that means Research In Motion Ltd.