If you activate a Handheld wireless, the Blackberry will send a message to the email address the user enters in the enterprise activation dialog using the RIM infrastructure. As you already found out, email will be delivered using the MX records for the domain.
This message is most likely encrypted, but because the one time activation password is short, it is not impossible that someone inbetween is able to decrypt the message.
After that, the Handheld + the Server will negotiate a strong encryption.
If you are paranoid, you are always able to do a wired activation, then you can be 100% sure that nobody else then the server which was meant to receive the activation mail will receive it. http://testlab.sit.fraunhofer.de/dow...-06-104302.pdf