Even the hackers fell for the hype and got themselves iPhones, and are now busy getting different kinds of code to run on it. Like hello world. Like remote exploits that let you run custom code as root. It seems Apple didn't pay much attention to security at all. I'm sure they saw this coming, but with their limited experience in the field, they didn't get the maths right: 1 (people like to hack their devices, like Apple TV and the iPods) + 1 (the iPhone has lots of wonderful networking features) + 1 (an iPhone will probably contain some sensitive information) = 3 (legitimate users might actually suffer).
It'd be interesting to see how well a Symbian device would stand the test, but I guess they aren't interesting enough to attract competent people like those responsible for the above mentioned hacks, but some things are obviously done much better in Symbian than in MacOS. Like the web browser doesn't run with full privileges. Like the web browser probably can't even access your text messages. Basically, Symbian OS 9 is built with security in mind, like a smartphone should be these days. The iPhone is a smartphone (as in a very smart phone, never mind how people might define it), but it seems to be designed on the assumption that if you're not officially allowed to run 3rd party native code, you won't. Now there's a mistake.
(I don't know enough about the security features of eg. Windows Mobile to talk about that.)