They should run on some *nix based OS that has only read only memory and all local records (if there has to be one) are saved to a data cassette that only runs in one direction so nothing can be read from it.
That's what I was thinking. Or find some way to get into the computer of the person that runs the network, steal what they needed to ID them, then steal their Bitcoins, then encrypt their system with a different type of encryption and destroy the key.
What's probably really happening is that apple is no longer supporting the current version, as a new one will be launched with the next iTunes major release.
One option would a master root certificate signed by the organization, that would sign all other certificates and apps and would also prevent any other signing certificates from being used.
What I don't get is why there is no way on the iPhones for an administrator type password that can be set on these type of phones, that way the owner (if separate from the user) can configure or unlock it separate from the user.