True, I'm not an Exchange expert, although I'm not sure how you've determined that from my post. I have a working knowledge, which includes the configuration of Exchange for ActiveSync and OWA, and while both support SSL, neither requires it. My implementations of both of these have used run-of-the-mill HTTP, but neither was exposed directly to the Internet; both required a VPN connection.
My issue was not so much about encryption; SSL is easy enough to set up. My concern is about exposing the Exchange server directly to the Internet. Regardless of whether I expose it on port 80 or 443, there's inherent risk that has nothing to do with encryption.
While I'm not an Exchange expert, I am an expert on our Firewall and VPN. I know that there are complicated DMZ arrangements which mitigate some of my concerns. VPN is also an option, as long as iPhone has a client that supports it, and your users don't mind the extra step. But why go through these contortions to solve a problem that Blackberry has already solved?
Don't get me wrong. I have no love of the Blackberry. It has been the bane of my existence from the first day it appeared on my network. I have stubbornly resisted the tide and stuck with my Palm Pilots and iPaqs, using Visto or ActiveSync for e-mail. Neither Visto nor ActiveSync matched what was available on the Blackberry, but I didn't care. I was more concerned with other functions. Blackberry has always been strong on e-mail, but weak on applications, WiFi, and VPN support. So while I, as an individual, could live with the shortcomings of Visto or ActiveSync, neither of these proved to be viable for the enterprise as a whole, where access to e-mail was the driving factor.
Blackberry, however, has come a long way in supporting my individual requirements, plus the Exchange integration that has always been there. Visto on the iPhone doesn't support Calendar, and ActiveSync didn't work properly through our SSL VPN. So I think Blackberry wins out in our case, much to my chagrin.