Score one for Windows Phone. It seems anyone who controls a network router (such as a hacker for example) can force Android handsets to Remote Wipe via Exchange Activesync using a man-in-the-middle attack using self-signed certificates. iOS 5 handsets were also vulnerable if slightly less so,.
It seems Windows Phones have a much better implementation of Exchange Activesync (as one would expect) and rejected irrelevant certificates.
Given the increased presence of Android and iOS handsets in enterprise, one can can but imagine the mischief a determined hacker could come up with by initiating a company-wide remote wipe simply by hacking a router.
Find more detail about the hack in this PDF here.