to make it short: Yes, you absolutely can... for a few days at least.
Maybe you saw this "APPLE-SA-2007-09-27 iPhone v1.1.1 Update" announcement by Apple. It fixes (or at least tries to... who knows in the end) to fix 6 bugs in Safari, two in the mail client, and one in the Bluetooth Subsystem. Some of them really nasty. I like the "tel:" thing. If you hit on a link with this format the browser triggers immediate dialing (no don't bother to ask the user...).
I will never say that we are done with security here at Microsoft but at least we take it seriously, very seriously. Would somebody please acknowledge this and start giving us credit for it??