What are the risks of connecting an iPhone to an unsecured wireless network?
Solution 1:
The iTunes Store uses HTTPS for most of it (if not all), at least that's how it was when I checked.
Regarding your specific question, you have to consider the iPhone is another regular device, albeit full of limitations in the tweaking department, it still runs a OS X variant, with derived UNIX parts, etc. So for the sake of this question, let's say your iPhone is a computer running some form of Unix Operating System; with that in mind, all the security risks that affect a computer are valid. Should the iPhone (and iOS) have a remote vulnerability, you would be exposed, just like your Macbook or your Windows computer or even your Linux Box.
Using 'open' Wi-Fi means anyone can log in and inspect the traffic. Anyone trying to do malicious stuff will be eavesdropping and listing for traffic in the network.
If you send an email, it will likely be unencrypted and visible. If you use IM (MSN, Yahoo, iChat/AIM, Jabber, etc.) you are likely not encrypted either (nor using a secure channel by default).
When using Safari, anything that doesn't go though some form of HTTPS is visible. Cookies and Data, with all the associated risks.
So as you can see, and excluding particular OS vulnerabilities, we're very exposed when using open networks. Most people doesn't really care or know but the risks are there (and so are the malicious users) :)
Connecting through a VPN will help with your traffic, but I have never used a VPN on an iPhone and thus I don't know what the capabilities of that are.
Solution 2:
Considering that SSL has been cracked (and HTTPS relies on it), the biggest risk is theft of private data which could result in: loss of money, privacy violation, harrassment/stalking/blackmailing etc.
Also, most websites/apps (hint: POP3 Mail) might not even use HTTPS and transfer clear-text information. I would recommend at least some sort of secure tunneling for your traffic (there are services offering VPN tunneling for anonymity/privacy).
It is also possible (though I've seen no exploit demonstrated using a free wifi for a man-in-the-middle attack) to get an iDevice infected or rootkitted with harmful software which otherwise could not reach that device. This will result in further, long term losses (from private data to media, phone recordings). For the paranoid, this eHow article is a good starting point.
Solution 3:
To complement both valid answers (Martin Marconcini and Vlad), I want to point out that you can massively improve your situation, by using an encrypted VPN connection.
By doing so, you don't have to care much about if you still have apps that send unencrypted data or metadata. Just every packet that you exchange through an unsecured wireless network will be encrypted. But be aware, the encryption of previously unencrypted data will only last until it reaches your VPN server. After that, your data will look like you put it into your VPN tunnel. Nevertheless, you can atleast be sure that eavesdropper from the unsecured WiFi won't be able to see unencrypted data.