The biggest risk for any mobile device - phone, tablet or laptop - is loss or theft. And while theft is a large risk, simple carelessness is the biggest one. When we were working on mobile betting apps the biggest risk we identified was simply leaving the phone on a table in a bar while going to the toilet and friends larking about it with it.
While a number of solutions have been envisaged to stop you losing a phone, the simplest approach is to ensure that it itself is protected with a password or pin and a timeout. You may still lose the phone, but at least people can't get into it.
From an enterprise point of view it is possible to enforce security for email protocols (Microsoft Exchange does this, for example), but it is equally important for consumers. Do you really want someone picking up your phone having access to your Facebook and email?
So far I've never lost my phone - although I've had the occasional panic - but I was convinced of the need for protection a couple of years ago as the amount of information invested in my device rose above a certain threshold. I use a seven digit security code which is quick and easy to type, certainly much easier than having to re-enter passwords in each app. This is one of the basic anti-carelessness protections I've written into IT mobility policies, especially for BYOD, and recommend to everyone.