Don't forget that if someone can use the phone, they just don't have access to the numbers and information... they can send and receive as you.
Why is this bad? I'll leave that to an exercise to the reader.
The time it takes to tap a 4 digit PIN a few times a day sure is a lot less than the time it will take in dealing with identity theft, and the police knocking at the door asking about calls made from your phone.
Here are my two centavos:
1: Get insurance (theft/loss) for the phone. I know some rental/homeowner's insurance companies cover everything from water damage, to theft, to loss, to accidental microwaving. However, too many claims, and your premium goes up. I use Asurion to cover this aspect.
2: Set the PIN and enable the 10 bad guesses == wipe. You sync the phone daily?
3: If the phone is JB-ed, consider an application backup program for the Cydia debs, or at least listing them so they can be redownloaded.
4: If the phone is JB-ed, consider iProtect. What sold me on this utility was the ability for it to lock the phone if someone swapped SIM cards. I use this to lock the Terminal app so someone can't bypass protection by popping a command prompt up and copying stuff off.
5: Make a list of apps on the phone, both Cydia (if JB-ed), and other. This way, you can re-download them if your computer doesn't have them syncable.
Trust me, iPhones may not seem like something security sensitive, but in reality, they are.