In yesterday's eWeek, Ryan Narine wrote a story "Cracking the Blackberry with a $100 key". This story covers the use of a $100 API key to then use it to open doors to attack.
While much was made of the Symantec blog being quickly withdrawn, it seems to me that this is exactly what is in the Defcon presentation I referred to in an earlier blog. In the Defcon presentation, the proposed attack used a prepaid card to purchase the API and then to lauch the trojan horse attacks. In the blog, I also referenced Blackberry's response to this type of attack.
Make the enterprise changes as per the Blackberry recommendations to mitigate this high risk.