Wow, this is kind of a big hole: Palm OS Treo Find Feature Information Disclosure Vulnerability. Basically, if you set a password on your Treo, the Find function still works even when the device is locked. (See the details here.) In defense of Palm, the exploit requires physical access, so if your phone is always with you the risk is fairly low. However, according to Symantec, Palm was notified of the exploit and has decided not to fix it. -1 for them.