Interesting, but in reality, if you have physical possession of a device, the device does not have security... It is *always* only a matter of time.   One could just as easily root the phone with adb  and gain full access to your data.  Maybe not as easily, or as quickly as calling your phone number, but just as surely.  This pretty much applies to any device from any manufacturer running any kind of software.

If you have really sensitive data on your phone the first rule is not to loose it  

The second rule is to keep a separate (from the phone)  list of people you need to contact to change passwords, security keys, VPN tunnels, credit card info, logins for all sites visited, especially financial institutions, Amazon, Google, etc. 

The third rule is if the information on your device is that important and sensitive, make sure to invest in some "remote wipe" software, although to be truly effective, it will have to be incorporated into the ROM image itself and installed at the root level.

I know that several of the custom ROM's for the Hero have remote wiping software integrated right into the OS, although I haven't played with those features.

Rule #4, refer to rule #1

Countermeasure for the problem...

https://theassurer.com/p/800.html

A better solution is an app called WaveSecure.   It has a lot of good features including backup, restore, lock, location and wipe.  

These can all be used on a PC away from the phone.  I have personally tried the features with my Eris Droid and they work flawless.

-Joe

Market comments for the app indicate 2 things...

1. Sometimes, you the lock doesn't kick in fast enough.

2. It relies on an external server to work.

Regarding #2, this is a show stopper for me.

But, if I were to take the SD card from the phone, put it into a computer and ran a hard-disk recovery program (undelete/un-eraser etc.) against the SD card, would it be able to recover the sensitive data?  I'd gues it would, as a simple format of the card is much easier (at least faster) to do than securely writing bytes to each memory location.  The default "wipe" option from the menu leaves the data on the SD card recoverable.  I tried it just for S & Gs  and it was easily recoverable with a quick boot into a RIP (Recovery Is Possible) Linux distro from my flash drive.  The format is just that, a format, not a secure erase of the data.  I'm not saying that the remote wipe programs doesn't actually do a full wipe, but before you actually get all kinds of "warm fuzzies" by trusting a security program to actually secure your sensitive data, you may want to check just how fuzzy you really should be feeling if your phone gets stolen.  Doing a complete "wipe" on a blackberry can take what seems like *forever* even with just the default few hundred K of storage in the device... Precicely because it is writing data to every memory location and making simple recovery impossible.  Running a free un-delete program on a memory card isn't exactly rocket-science, so it is not like any esoteric knowledge is needed to recover the data. 

I'm not saying that John or Jane Doe who steals/finds your phone would even *think* to run a free data recovery program on your SD card, but the person who buys it from them just might...  I'm just saying that if the data is worth doing a "remote wipe" on, then it's sensitive enough to "worry about".