I have been working in the cellular industry for 10+ years and have implemented security algorithms both on the UE (SIM card) and network side. Having seen how things are done, especially in contrast to where we are with security on the web, I have a very low opinion of the current state of affairs.
That said, I don't think it's realistic to expect mobile operators or the 3GPP (standards body writing the spec) to come up with a bulletproof security scheme. I think the more realistic approach is to improve security to a point where:
a) subscribers and operators don't lose money to fraud (i.e., people can't use someone else's subscription);
b) denial-of-service attacks on the network are difficult to carry out (i.e., legitimate users can't be stopped from using the network).
This could be trivially done by well established security techniques long implemented in the Internet world (PKI, key exchange protocols, etc.) There are massive challenges for national security with jamming, physical and cyber attacks on infrastructure, etc., but this is well outside the scope of subscriber security.

Most importantly, developers who build services on top of the network must be told in no uncertain terms, that their communication is, by design, INSECURE. Just like with any other means of Internet access, everyone should expects their packets to be visible to others, and should also be prepared for some level of tampering. This is how all of the Internet works, and our expectations should be no different for cellular. Once this is understood, we're back to solving problems in the Internet world, which are still very difficult, but are much more familiar.

Hi there, young entrepreneur! Welcome to the Indium Gallium Arsenide Valley! :)

GSM has horrible security and carriers aren't exactly doing their best to make their networks secure either. A while ago you needed relatively expensive equipment (around $1000-2000) to be able to sniff on the network, but it's now been done with a few very cheap phones. There's a very informative presentation (with video) here. For this to work, you need to be close to the person you want to eavesdrop on however.

We are using the GX420d model from Zebra. You can order these with Parallel port, Ethernet, Wi-Fi or BlueTooth and they also have a USB port. I've used them from OS X and Linux without any problems. There are drivers for the thing, but you can even print using HTTP, POP3 (!) or connect to the printer over TCP and send your raw commands through that. It took me about a day to figure out how they work, but the printer language is quite easy to understand. Documentation is well done, but getting access to the docs is not so easy. The Zebra tech support is quite helpful though, so you can always ask them.

Guys, we've all know that the Goa'uld have been experimenting with nanotech for a long time. No wonder the Egyptian got some of it.