There is no security issue. This has been blown out of proportion first on theregister, then on slashdot, now hear. The order is unusual
The only way someone can read these "unencrypted" email attachments is if the owner of the phone enters the passcode, which means he can now start the Mail application and read these "unencrypted" email attachments as intended, or enters the passcode, and connects the device to iTunes for backup purposes.
Since about the iPhone 3GS, all iDevices have hardware encryption which is permanently turned on, and without the passcode even the NSA is totally incapable of decrypting any of these "unencrypted" email attachments.
----------
You are wrong, wrong, wrong. _All_ files on iOS are encrypted. Always. Including these "unencrypted" emails. They cannot be read unless someone enters the passcode to the iPhone, and that is what happened: Someone entered the passcode and was surprised that you could read his emails. There are further encryption levels that can be used, but _every_ file without exception is encrypted.
----------
Physical access to the device, PLUS knowledge of the passcode.
----------
Works with _your_ iPhone where you know the passcode and enter it. Doesn't work with _my_ iPhone if you steal it, because you don't have the passcode.
----------
On iOS, with 3GS or later, full disk encryption is turned on permanently. Passcode is needed.