We'd seen this for ourselves earlier this year, but now it's been proven by science: grease marks, touchscreens and swiped passcodes do not a secure Android phone make.
In "Smudge Attacks on Smartphone Touch Screens"—which must have been more fun to name than to write—University of Pennsylvania researchers tested how easily passwords could be extracted from an Android touchscreen using a variety of methods. The answer: very, very easy. Your oily fingers leave a trace so distinct that partial passcodes were, in one set of experiments, identifiable 92% of the time.
You've got a couple of options to combat the security risk: one would be to wait for Froyo and its delicious QWERTY password option. The other? Turn your entire screen into a grease mine so that no pattern emerges. Who knew the KFC Double Down was the best bodyguard your phone ever had? [UPenn via Techdirt]