I expect two things will happen in coming year:

1) We'll learn about more cute tricks that web applications can use to look more like native iPhone applications and to interface with the iPhone and allow access to things like contacts, photos, and maybe even the phone's physical location. All of these features will expand the horizons of enterprising attackers.


2) All of the other handset makers in the world will begin to deliver their response to the iPhone. At that point, they will all have been working around the clock in panic mode for the better part of a year, and the devices will contain a treasure trove of security vulnerabilities that make the iPhone look like Fort Knox. After all, Apple got plenty of things right: at least you have to confirm before the phone dials.