This has been discussed at length in other threads. BIS is not truly secure, in the way most people think, the data is secure to RIM's servers, and they have cooperated with governments in the past. The governments there wish to have access to real time data. Which RIM doesn't want to do. BES is as secure as the Exchange server the BES server is attached to. Many posts about the AES encryption scheme have been posted, but the weak link is the Exchange server.
Posted from my CrackBerry at wapforums.crackberry.com