A few weeks ago, Rixstep posted a piece titled simply "Effective UID: 0," pointing out (as revealed by iPhone crash reports; see this article on deciphering them) that the iPhone runs most (all?) of its applications/processes as root (superuser, UID 0). This means they enjoy full system rights -- a huge concern with regard to security, since any compromised application then holds the highest possible privilege level.
"[...] there are serious problems with the design and implementation of security on the iPhone. The most glaring is that all processes of interest run with administrative privileges. This implies that a compromise of any application gives an attacker full access to the device."
An attacker who successfully exploits any one of these applications therefore gains complete control over the device. As also described by ISE (the flaw-finding firm):
"by using other API functions we discovered, the exploit could have dialed phone numbers, sent text messages, or recorded audio (as a bugging device) and transmitted it over the network for later collection by a malicious party."
In fact, the research firm explicitly suggests restricting applications by forcing them to run with fewer privileges, recommending that Apple:
"Install applications such that they run as an unprivileged user. This would result in a successful attacker only gaining the rights of this unprivileged user."
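What ISE's recommendation looks like at the code level, as an added illustration that is not part of the original article and not Apple's or ISE's code: a process that starts with root's effective UID gives its privileges away permanently before doing any real work, so that a later compromise yields only the rights of the unprivileged account. The program assumes standard POSIX setuid/setgid semantics (Darwin and Linux both follow them) and a hypothetical unprivileged uid/gid chosen by the caller; the `main` demonstration drops to the invoking user's own ids so it runs without root.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Report whether the calling process currently holds root's effective UID,
 * the condition the crash reports discussed above reveal ("Effective UID: 0"). */
int running_as_root(void)
{
    return geteuid() == 0;
}

/* Permanently drop to the given unprivileged uid/gid.
 * Order matters: supplementary groups and the primary group must be dropped
 * while still root, because once setuid() has succeeded the process can no
 * longer change its group identity. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Clear supplementary groups; only root may call setgroups(). */
        if (setgroups(0, NULL) != 0)
            return -1;
    }
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify the drop is permanent: when the target is not root, an attempt to
     * regain uid 0 must now fail. If it succeeds, privileges were not really
     * dropped and the process must not continue as if they were. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demonstration: drop to the invoking user's own real ids,
     * which succeeds whether or not the program was started as root. A real
     * launcher would pass a dedicated, hypothetical "app user" uid/gid here. */
    printf("before: euid=%u\n", (unsigned)geteuid());
    if (drop_privileges(getuid(), getgid()) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("after:  euid=%u running_as_root=%d\n",
           (unsigned)geteuid(), running_as_root());
    return 0;
}
```

The check at the end is the part most often omitted: a launcher that calls `setuid()` but ignores its return value, or that drops the uid before the gid, can leave an application with exactly the root rights the article warns about while appearing to have followed the recommendation.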
As noted in this article on our sister site MacFixIt, "you should avoid being logged in as an administrator whenever possible," in the desktop version of Mac OS X. Unfortunately, the iPhone's version of OS X does not provide any option for doing so -- everything Apple has specified to run as root on the iPhone will do so.
We're not sure exactly why Apple did this; it effectively forfeits one of the primary benefits of running OS X on a phone -- privilege separation between users and the protection of each user's files and processes from the others. Perhaps including true multi-user capabilities was deemed too resource intensive for the device.