An iOS 5 bug allowed pictures to be displayed on a password-protected iPhone if the time on the device was set to an earlier time and date than the real timestamp of the pictures. A new security flaw has been discovered, this time on iOS 5.0.1, but it takes a very persistent villain several tries to get passed the lock screen.
In theory, the password protected iPhone must have a missed call. Swiping the missed call notification in an area without network coverage, or by removing the SIM card from the phone, could expose, after several attempts, the entire Contact list together with Favorites on the device. Luckily this is highly unlikely to happen because you have to leave the hacker alone with your phone and a SIM card eject tool for quite a long time. Check out the video below and see how many attempts it takes to replicate the bug.