I thought the BlackBerry's lock password is actually pretty well-implemented... IIRC, it's not really trivial to circumvent *if* you have disabled mass storage access.
Well, the good thing about it is the user can set a limit for wrong password attempts (maximum of ten). If the limit is exceeded, the device wipes itself.
As for circumventing the password, I don't exactly recall how it's done. It had something to do with hooking up the BlackBerry to a computer, removing the battery, booting into safe mode, and using the readily available CrackUtil program to remove the password. At that point, the BlackBerry would be unlocked. The phone would work, you would be able to use data, etc., but if encryption was in use, the existing files would remain encrypted, as the password is necessary to decrypt the files. This is from the BlackBerry Security Knowledge Base:
"If Content Protection is enabled on the smartphone, then user data on the smartphone is stored encrypted using AES-256. Thus, even if someone reads the user data directly from the device hardware, there’s no way to decrypt the data without the smartphone password."
I also found this valuable information from the BlackBerry Internet Service Security Feature Overview (v. 3.2) that explains the benefit of using content protection (encryption) in addition to a password:
"When you set up encryption of your BlackBerry® device data using the content protection feature, your BlackBerry device is designed to be protected against users with malicious intent who could attempt to steal your data directly from the internal hardware. No one can read your encrypted data without your device password.
"In the Security Options, you can set the Content Protection Strength level. The BlackBerry device then encrypts your data (for example, messages, contact entries, and tasks). The Content Protection Strength level optimizes either the encryption strength or the decryption time. When your BlackBerry device decrypts a message that it received while locked, the BlackBerry device uses an encryption key. More encryption strength means a longer decryption process.
"If you set the content protection strength to Stronger, use a minimum length of 12 characters for the BlackBerry device password. If you setthe content protection strength to Strongest, use a minimum length of 21 characters. These password lengths maximize the encryption strength that these settings are designed to provide."
Thus, I would say that with AES encryption, used together with a password, BlackBerry has the best security going for a mobile device.