On the other hand, support for either is dead. Maemo 5 drops support for both. Hopefully the community continues some love, but we'll see what happens when the first Maemo 5 device comes out.
There is actually 1 thing missing in your spec list.
Touch screen: Resistive vs Capacitive with multitouch support. iPhone wins big.
I don't actually know it's resistive, but most other HTC stuff is. I use a XV6900 (HTC Vogue) running Android and love it, only thing I really would love would be a capacitive screen. Wouldn't consider an iPhone, but it is a huge selling point.
I will start my discussion by linking to XSSED.com. If you don't know what is XSSED.com I would suggest to go and check what it does right now. Are you done? OK! To summarize XSSED.com has the largest archive of real, fully working, XSS vulnerabilities available today. They even have a list of XSS vulnerabilities that are found in websites ranked 500 and bellow according to ALEXA. We are talking about high profile websites here people.
Why this database is interesting to attackers? Well, obviously, attackers can use it to phish users and steal important/sensitive information. In a very typical scenario, the attacker will grab a few of these XSS vectors, develop exploits for them, and send them to as many victims as possible. Of course the situation is quite grim. However, it is a lot worse then that.
Today it is so easy to create an epidemic infection that is totally based on XSS. If an unaware user visits a page that contain malicious JavaScript which recreates a behaviour similar to the one that a described above, they can be exploited on every single domain they have visited during their entire session.
Politics: A strife of interests masquerading as a contest of principles. The conduct of public affairs for private advantage. -- Ambrose Bierce