What we need is a phone with two user accounts, a "business" account and a "personal" account. The email client would run on the "business" account and only be able to wipe the data on it. The data on the "personal" account (your photos, your family contacts, etc.) would then stay safe.
As an aside, remote wipe is an horrible way of protecting data on a phone. Encrypting it (which should not be very power-intensive with hardware assistance plus the kernel's normal caching) and requiring a key (perhaps even having to contact a server to obtain part of it, to allow for it to be revoked) would be much safer, since it would not need a constant network connection to protect the data.