29 September 2007

iDiocy

Metasploit on the iPhone:

“Every process runs as root. MobileSafari, MobileMail, even the Calculator, all run with full root privileges. Any security flaw in any iPhone application can lead to a complete system compromise.”

I really thought Apple had better software developers than that. I guess that explains Steve Jobs’ comments about it being impossible to provide a 3rd party SDK safely.

Yeah, if you made the incredibly dumb decision to have no security whatsoever in your mobile OS, then it’s impossible to support 3rd party applications safely.

More to the point, as soon as someone finds a security hole in Safari or Mail, that’s it—they will be able to pwn the entire system. I’d place bets that someone will find such a bug, sooner or later; and then we’ll see iPhone viruses and trojans spreading by e-mail or web.

© mathew 2017