I knew very little about the remote wipe feature, but I never knew that remote wipe included things other than the data that was being synchronized. I also hadn't heard of people using this as a punishment tool. How confident are we that the remote wiping was intended to punish rather than mitigate an accidental exposure of information? (I'm not saying it wasn't an inappropriately painful result; I just want to be sure we are talking about malice.)
Regarding the security issues, this is a problem that is impossible to solve with current systems (at least the ones I know about). You have two security domains that you need to keep completely separate except that you have full access to both and you probably want to integrate the data (e.g. you don't want to have two completely separate calendars that you can't look at at the same time).
Add to that the fact that access to one of those domains (e.g. corporate data) needs to be revocable, and the revoking party needs to be confident that you aren't going to disable the feature by logging into the device as an administrative user and toggling a flag, and then lose the device in a Starbucks.