Insecure is a relative term. I designed encryption stuff. If each client has a unique encryption key, and there is a transition consisting of re-encryption between sender/receiver, then the sender does not know the recipient's encryption key and vice versa. There is a daemon in the middle that decrypts/re-encrypts for both parties, and it is not PGP. Each party uses symmetric key encryption.
And of course, BlackBerry could be using public key algorithms for encryption. That would mean that a physical phone (found or taken by government) will have both public and private keys... Not a great idea.
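
The relay arrangement described in the comment above, as an added example that is not the commenter's or BlackBerry's code: each client shares one symmetric key with a middle daemon, which decrypts and re-encrypts every message. The names `RelayDaemon`, `seal` and `open_` are hypothetical, and the HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def _keystream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in for a real cipher).
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(x ^ y for x, y in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob):
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(x ^ y for x, y in zip(ct, _keystream(key, nonce, len(ct))))

class RelayDaemon:
    # Holds every client's key, so it necessarily handles every plaintext.
    def __init__(self):
        self.keys = {}
        self.seen_plaintext = []
    def enroll(self, client_id):
        key = secrets.token_bytes(32)
        self.keys[client_id] = key
        return key
    def relay(self, sender, recipient, blob):
        plaintext = open_(self.keys[sender], blob)   # decrypt with sender's key
        self.seen_plaintext.append(plaintext)        # the daemon sees cleartext here
        return seal(self.keys[recipient], plaintext) # re-encrypt for recipient

def demo():
    relay = RelayDaemon()
    alice_key = relay.enroll("alice")   # constructed sample clients
    bob_key = relay.enroll("bob")
    to_relay = seal(alice_key, b"meet at noon")
    to_bob = relay.relay("alice", "bob", to_relay)
    return open_(bob_key, to_bob), relay.seen_plaintext, alice_key != bob_key

if __name__ == "__main__":
    print(demo())
```

Neither client learns the other's key, but the daemon holds both and every message passes through it in cleartext, so the confidentiality of the whole system rests on that one host.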