why basic infrastructure components should never be closed source...

...or at least, when they are not open source, you should treat them as hostile and malicious.

http://www.securityfocus.com/news/11555?ref=rss

excerpts:

An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life.

Interestingly, it seems it was the battery life that drew attention and investigation. This was a minor design error, easily fixed, and then no one would have noticed this application!