This seems like a fairly major mistake…..resulting in a password-protected phone being less protected than one that has no password. Sort of completely defeats the purpose of having a password on in the first place.
My initial reaction was actually "big deal", mainly because I have never bothered to password lock any phone. The only private info I ever carry that would be of some financial benefit to a thief would be the stuff stored in eWallet on the iPhone and that has its own security lock anyway. Sure, they can get a hold of my email info but not one email has any private bank or credit card details or anything on it that would lead to financial ruin for me should it be discovered.
It would of course be a different story in the corporate world where IT departments insist on a certain level of fairly stringent password control for phones. To me, it is just another example where Apple is showing its unsuitability for that sector of the market. The more it tries to wheedle its way into this sector the more it seems to balls things up on the iPhone front, think Mobileme and it's non-push email/syncing, numerous outages since it was launched and now you have a smartphone that can be accessed by any Tom, Dick or Harry even though it is password protected. If you muck things up in this sect of the market, because you think you are big enough to enter it and can handle the pressure, then you rightly run the risk of ending up getting loads of flak and a bad reputation if mistakes are made.
Sadly, it won't stop me continuing with my current practice, the best procedure to avoid having a stolen phone is to take jolly good care of it. God, I'm so lazy the thought of having to enter a password, even if it is only 4/5 digits long, seems to be too much like an inconvenience.