Check out Jon Oberheide’s highly detailed report on an Android web market XSS that could have pwned mobile devices. These 2 quick lines illustrate the uphill battle security will always have:
The actual vulnerability was an incredibly low-hanging naive persistent XSS in the Android web market…. While being able to browse the Android market via your browser on your desktop and push apps to your device is a great win for user experience, it opens up a dangerous attack vector.