With something like RedPhone is that there are multiple CPUs on the phone -- in particular, the base-band is a full ARM chip with complete access to all ram on the device. And the software running there is almost never under the users control. So it doesn't matter how good red-phone is -- if it ever leaks *any* plaintext or key bits out to ram, or across any wires outside the cpu it's running on, the baseband chip and the software running on it can wiretap you. And even if those things never leak off the main cpu die, the baseband can probably inject processes/instructions into that main chip's address space that would steal those critical key bits.
Unless you have control over *all* the firmware running on *all* the processors in a phone, I wouldn't trust it any farther than I can comfortably spit out a rat.
(and this is not accounting for hardware tricks -- I think you cannot trust your communications are secure unless you trust everyone involved in its design, manufacture and programming (including the compiler and related toolchain, and its compiler and toolchain -- and so on ad-infinitum) -- and that is probably a *very* sizable list indeed -- the odds that some lettered agency (looking at *you* cse/csis, nsa, gchq, fsb, etc) have not corrupted *someone* on that large list are so small that only god/fsm could tell the difference between it and 0.)