Thanks to the quick Camera access and power of Siri as a virtual assistant, iOS 5 and iPhone 4S are more convenient than ever -- but they also leave you open to everything from pranks to data theft. We've talked about this extensively on the iPhone Live podcast but it's worth repeating here.
Double clicking the Home button and tapping the Camera icon bypasses a Passcode Lock and instantly lets you take pictures. You can't access anything else, but if you leave your iPhone unattended, a friend or passerby can easily prank you by taking an inappropriate picture (from innocuous "funny faces" to to full on "junk attacks" -- don't ask.) If you have Photo Stream enabled, that prank picture can quickly propagate to all your other iOS devices, your PC, and your Apple TV, and the only way to remove it is to delete the entire stream.
You can't currently disable the fast Camera access. You can disable Photo Stream by going to Settings, iCloud, and toggling Photo Stream to Off.
Holding down the Home button to activate Siri also bypasses the Passcode Lock, and while Siri is prohibited from doing things like deleting contacts or performing web searches without the lock code being entered, Siri can still call numbers, delete alarms, and perform other tasks unencumbered. If someone knows a contact's name, they can get access to their email address(es), phone number(s), etc. Even if they don't know a contact's name, because relationships can be set, they can simple ask for "mom" or "boss" and get the data that way.
Friends, strangers, and can also prank you by telling Siri to "call you" by some funny or rude name.
You can disable Siri's Passcode bypass. Go to Settings, General, Passcode Lock and flip the Siri toggle to Off.
Convenience and security are always at opposite ends of any feature list. Each individual has to decide for themselves how much convenience they want and how much security they're willing to give up for it. (Some people choose to not even use a Passcode Lock, after all.)
Disabling Siri's Passcode bypass reduces its speed and ease of use but increases its security. You can't just hold a button and start talking to have Siri take an email, for example, while you're driving. You have to enter the unlock code first, and perhaps each time depending on your settings.
Unfortunately, Camera access and Photo Stream need to wait for Apple to provide an easy off-toggle, and a way to delete individual pictures from the stream. Disabling Photo Stream contains any pranks, but means you lose the backup and multi-device replication of the feature.
In the meantime, the best practice is, of course, to never leave your iPhone unattended, especially around people you don't know -- or people you can't trust not to prank you.