While the BES platform is nominally secure, I'm intrigued by one "interesting" fact about the design of the message routing system.
You see, although each organisation can run their own BES server in their own datacenter, all data packets sent from a Blackberry handset to their BES have to be routed through Blackberry's own routing infrastructure. Even if you're inside your own corporate LAN, sending an email to your own corporate Outlook server through your own corporate BES server. Your packets can't just go straight to your BES box - no, they have to go out through your firewall, all the way to the nearest Blackberry routing hub, back in through your firewall, and into your BES and from there to your mail server. Every. Single. Packet.
And while they're going through that Blackberry routing hub that you don't control, there could be any number of processes being performed on those packets. The skeptical might think that this infrastructure was set up precisely to facilitate massive eavesdropping by a company that has very close ties to the American military-industrial complex. (For example, by being one of the few smartphone companies able to get White House clearance).
By contrast, as I understand it, Microsoft smarphones of the mid-2000s era just sent packets dumbly to the nearest Outlook server, which meant that they didn't ever leave your organisational firewall.
Of course those Blackberry packets are encrypted on the handset before they hit the external Blackberry router that you can't see or control. Well, that's what Blackberry say, at least. The encryption is done in binary software on the device and there's no way for the user to check whether or not the encryption is fully compliant and contains no back doors. But they say it's encrypted and that they can't break it and that there are no secret proprietary backdoors in the secret proprietary code they install on all your device. So it must be secure.