This invariably serves to highlight the limitations of relying on a single provider for your entire ecosystem, top to bottom. In this case, the curated system has clearly failed, but fortunately it was only a test by a reputable security researcher. It probably wouldn’t hurt to display what resources or permissions apps require prior to download, ala Google’s Market, to inform the user and allow them to exercise their own judgement. … Unless they’re deemed to be incapable of their own semi-intelligent assessment without being intimidated.
If you then refer to the 5-8% of iPhones that are jailbroken, where users can then download applications from third-party repositories, then the drawcard of the ecosystem – the curated system, is no longer. These devices are as vulnerable (if not more) than comparable ones.
A bit of further reading about this year’s Pwn2Own hacking contest, in which Safari (both mobile and desktop) were hacked within seconds. Chrome was unable to be exploited: http://en.wikipedia.org/wiki/Pwn2Own#Contest_2011