The default setting for Apple's new Siri personal assistant app for iPhone 4S allows much of the handset's functionality to be used even when the phone is locked.
The security worry is that anyone can pick up your iPhone and dictate texts and emails, make calls and have Siri list calendar appointments, all while the 4S is passcode locked.
Siri - the little harlot - will also tell anyone details and addresses from your contacts book, but it can't open apps without unlocking the phone.
It's easy enough to atone for Siri's promiscuous behavior though, as you can turn her off in the Passcode Lock settings menu, but many users may not even realise that this is an issue.
Voice Control on previous iPhone models also allowed limited actions with the device in lock mode, but the sheer range of functionality on offer here is quite worrying.
Although it's easy to switch off Siri's availability while the phone is locked, it's somewhat surprising that Apple chose this as the default mode.
Graham Cluley of security giant Sophos blogged: "What's disappointing to me though is that Apple had a clear choice here.
"They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system."