There seems to be some FUD (Fear Uncertainty and Doubt) being circulated by some of our competitors in the Mobile Email space. 

The FUD is really in two areas:

1) We require lots of firewall ports open

2) This is 'insecure'

Both the areas are actually a huge mis-understanding:

For Windows Mobile/MSFP you do need to allow inbound access somehow to the Exchange server, but that can be done securely by using an ISA Server as the firewall to sit in front of Exchange and terminating the SSL connection on the ISA box, pre-authenticating the user (so nothing anonymous ever hits the real Exchange server), inspecting the protocol for attempts to subvert it, and then ultimately re-encrypting the stream and forwarding it on to Exchange.

The only firewall port that needs to be opened is port 443 which is SSL.  A large majority of our customers already have this firewall port opened for the use of Outlook Web Access. 

All traffic is encrypted using SSL (128 bit encryption).

Microsoft itself uses this exact approach and we have over 40,000 users using this environment securely:

http://www.microsoft.com/windowsmobile/business/strategy/scalability.mspx
 
If you wish to go one step further by enforcing two factor authentication above and beyond the protection that our Firewall is providing then you can add any of the following:

1) Certificate based user authentication
2) Secure ID authentication
3) Private APN services in the GPRS world where only specific devices can connect over a secure APN to a specific Server.