You can watch the whole insincere deletion process play out above, but here's a handy guide so you can follow along at home. Turn off your device radio and Wi-Fi connection for maximum OH GOD:

1.) Find a message with a memorable subject line, and delete it.
2.) Go to your trash, and remove the message from there.
3.) Check whatever IMAP folders may be listed on your device—this works with POP too—and make sure your message is really not
there.
4.) Flick over to the main Spotlight search screen, and search for the subject line on that message that shouldn't exist
5.) Be shocked and confused when you find that not only can you see the subject line in a simple search—you can still view the entire message. Your email-based illicit affairs are ruined.

I've tested this, and it works. I even restarted my iPod for good measure, and the message was still in the index, and still accessible by search, despite not appearing anywhere in the main Mail interface. As far as I can tell, there is no way to completely delete emails from iPhone OS 3.0, which isn't just strange, it's a disastrous security flaw.

Still, a few things don't really add up here. The video submitter says he can find emails from months ago, but surely this would result in creeping storage consumption, and has to stop sometime. I mean, doesn't it? And even if these messages are just hiding out in some secret folder or something, and can be deleted by some obscure method, this isn't how a mail client should behave, at all.

Try this yourselves and see if you can find any clues as to what's going on here: I'm as alarmed as I am stumped.

UPDATE: An internal tipster has provided us with proof that Apple is fully aware of this issue and will probably be including a fix in iPhone OS 3.1. Additionally, there are a number of ways to delete the messages from the index—for some, waiting works; for me, even restarting didn't—but the fact remains that deleted emails are left, for some time, fully accessible.

Richard from 148Apps has this workaround, which seems to work fine:

From my messing around with email, the message actually disappears after viewing it a few times. At first I thought the email disappeared after deleting it a few times but I simply viewed the messages about 3 or 4 times and it disappeared.

UPDATE 2: Also, current 3.1 betas don't seem to suffer from this bug, so yeah, a fix is essentially imminent. [CultOfMac]

The iPhone certainly isn't as ubiquitous for corporate use as BlackBerry or even Windows Mobile, but that's starting to change, and Zdziarski is very concerned that the iPhone 3GS's security puts sensitive data at unnecessary risk. He claims that with easily-available software, anybody can break into an iPhone 3GS and start extracting data within two minutes, and access everything on the phone within 45. After reading this, we could see why companies might just be reluctant to trade their BlackBerrys in for a shiny new iPhone 3GS. [Wired]

To the untrained, the cached images disappear after a few seconds, but Zdziarski demonstrated that if you know what you're doing (and you've got over an hour), you can recover the file system and see many, many of these grabs. Gadget Lab is also reporting that Zdziarski said forensics experts have actually used this method to solve serious crimes. You can probably count on two hands the number of people like Zdziarski who actually know how to accomplish this, so it's not like small-time thieves are getting their iPhones scanned regularly. But still, interesting development in iPhone security. [O'Reilly, Gadget Lab]

Zdziarski was one of the first to successfully open up the iPhone to 3rd party development, so you have to wonder what is the real motivation here. Is it about educating and supporting law enforcement on methods of gathering information, or is it really targeted towards hackers who may or may not have a malicious agenda? [Wired Gadget Lab]

If you're sending in your iPhone for repairs at the Apple Store because it's broken, you might not have the option of wiping your data like this. It's not really THAT great a method either, but will be able to stop the next owner from casually recovering data. Basically, just run a restore and hope the next guy who has your phone isn't nosy. [Securosis via TUAW]