How secure is it to allow Safari to remember passwords on my iPhone?
What key does it use to encrypt the stored passwords? If it uses the phone's unlock code, what key does it use for phones that don't have one set up?
If someone had access to the hard drive contents (e.g. by connecting it to a Linux machine), how easy would it be for them to decrypt the saved passwords?
Solution 1:
Not a direct answer but I too had similar concerns. With IOS 4.2, they have enabled the remote wipe ability for all iphone4 users via MobileME. So at least, if you lose your phone, you can have it wiped out remotely.
Solution 2:
According to an article on Yahoo News, there are known exploits for Apple's keychain, which would allow an attacker to gain access to passwords stored on the iPhone. I believe that Safari uses keychain to store the username/passwords you tell it to remember.