It's not that BES or BIS are secure or not secure, it's that they are
configurable.
As a consumer using BIS, messages go from your POP3-providing ISP to the BIS server to your phone. Your cellphone carrier rents the BIS server directly from RIM. It's unlikely that your cellphone carrier saves these messages since there are billions of them, but they could since it's configurable. Ask them. The ISP that hosts your POP3 email account is a bigger worry, really. The over the air transmissions are encrypted, if they configure it that way.
If your company runs a BES server, again, its configurable. If they allow "Split Pipes" or access to the carrier internet, they won't see your personal email coming directly from a BIS server, but if they don't allow it and they force all internet access to the outside world through company firewalls, they'll see it all. If the BIS-to-phone connection is encrypted by your carrier, your company will see it through their firewall and know what it is but not see the content. You have to ask your company's IT department.
Here are some pictures of how BIS and BES work:
BlackBerry - BlackBerry | Wireless Handheld Devices, Software & Services from Research In Motion (RIM)
What the two pictures show is BES and BIS. What they don't show is the "Split Pipe" connection that allows both. They also don't show your carrier BIS email going through the company firewall thru the BES server to your phone, but they could configure it that way.
If you are a consumer using only BIS, fear not, but you can ask your carrier if you're paranoid. If you're a corporate drone using BES, you have to ask your IT weenies if they allow "carrier internet access" or "split pipes." It's all configurable, but not by the end user.
--Qfg