This is quite common for firmwares and phones that you obtain from a carrier (these are known as "branded" firmwares and phones).
It's part of what you sacrifice for the subsidized price ("regular" price of the Xenon is multi-hundred dollars).
Now that it's open for hacking, there's a possibility that someone will come up with a way to de-brand the firmware, but unlike many other phones, word on the street is that no "generic" or unbranded firmware exists for the Xenon. So best case someone will find a way to remove those shortcuts.
As for security, your SIM card is your identification to the network, so if someone gets your phone, not only could they make calls, but they'd have some amount of access to your account too.
All carrier phones I know of have this function in one way or another, whether it's a built-in application, a web link, or a *__# code.
To avoid this happening, you can set a PIN on your phone, so to unlock it you'd need to enter the PIN.
Alternatively
or additionally, you can also protect your SIM with a PIN, which would require someone to enter a PIN to use your SIM.
The drawback is that entering your PIN gets really old really fast.
Some kind of keychain dongle would be nice. Back in the day I had an app called
Bluekey on my Palm that would lock it unless a registered Bluetooth device was in range - or I entered a PIN.
Unfortunately I haven't seen such an app for other platforms yet, and on the Xenon it'd likely have to be a native app, so unlikely to see one there.
