...The most obvious is root exploits on the phones themselves, if there's a local root exploit then a bad app you install can still steal your wallet until the OS is patched. But at least it's not insecure-by-design like Mac/Linux/Windows are, and local root exploits aren't that common on these devices.
Uh-huh... storing a lot of bitcoins on a usually-network-connected device would make me very nervous. I think we're going to see a LOT of smartphone exploits over the next 5 years (maybe I'll be pleasantly surprised and it will turn out the smartphone OS folks have done a great job making them secure).
But security is not a boolean, and we clearly need to do what we can to help people keep their bitcoin wallets secure.