You can make a BIS or a Direct connection, bypassing BES on a device that has BES, provided that this is not restricted by the BES IT policies.
Generally, this *IS* restricted, so that a malicious app cannot act as a bridge between the secure BES network, and other non-secure connections.
If you explicitly open a BIS-B connection on a BES device (assuming it is allowed), then you are routing through BIS-B, net BES.
My suggestion: always detect the BES connection and use it if available. This is the correct decision 95% of the time.
One other comment: BIS-B is reserved for alliance members, and these BIS credentials are given only after RIM app approval and, and under strict confidentiality agreement.
If you are an alliance member, you are violating your NDA agreement. If not, then I reckon somebody else did!