Previously many customers had avoided using SecureID with Exchange Activeync because entering the credentials each push/sync would impact the users experience negatively.
This has however recently become a much more viable alternative. SecureID will now work much better with DirectPush due to some recent enhancements they've made.
In their latest RSA Web Agent update http://www.rsasecurity.com/node.asp?id=2807&node_id= there is a new feature that allows ActiveSync sessions to be "cached" for an admin-chosen number of hours. This better explained by an extract from RSA:
"RSA Authentication Agent 5.3 for Web for IIS enables you to use Microsoft Outlook Web Access ActiveSync without having to reauthenticate every time ActiveSync is invoked. When you invoke ActiveSync by clicking Sync on the Pocket PC, the Agent provides a one-time authentication window for ActiveSync that is valid for a default of 15 minutes. This default time setting matches the default time setting of Cookies Always Expire After the Specified Time. If you extend the duration of the browser session cookie by changing the value in the Cookies Always Expire After the Specified Time field on the Agent tab of the IIS configuration panel, you extend the one-time authentication window for ActiveSync to the same number of minutes. You can further extend the ActiveSync time window to remain valid beyond the maximum time duration of the browser session cookie by adding an entry to the registry”
More details are posted over at the Exchange blog by Max