It will happen at some point, but the whole iPhone closed system thing means that applications can only run in a very small playground.

Jailbreaking - and not changing the default login password which results - can add risk, so do the research.

If you read emails on the phone, and click links in them, then you're subject to phishing / spam in the same way as on a laptop.

As as for iTunes being "vetted", well yes - but see Apple Inc. iTunes Store Hacked, Vietnamese Developer Banned (AAPL) | Comtex SmarTrend for a little bit more detail.