[whpalmer4]

Sync on the iPhone does do encryption (unless you've configured it otherwise with a plain http: URL in the WebDAV settings), but I think the issue here is where those certificates come from. If you're running Bonjour syncing, you probably don't have an identity certificate for your Mac issued by a recognized certificate authority, right? Whereas Apple's MobileMe servers will have certificates that can be traced back to a certificate authority by the security code to establish that the server is who it purports to be. When I try to sync to MobileMe from a network where there's a redirector to intercept web requests and force you to log in, I get a warning that the certificate looks a little fishy in some way, presumably because addresses don't match. But now I've reached the limits of my knowledge, so maybe this is a good place for me to stop, before I'm forced to go learn more about this stuff :)