Mike Calligaro, having blogged about why the X in Windows Mobile does not close applications and survived, has now posted an entry on why Microsoft removed the ability to synchronize over Wi-Fi from ActiveSync starting with version 4.0. In a nutshell, there are two reasons for the decision and both have to do with security. First, ActiveSync does not encrypt data from the desktop. Anyone intercepting your data would have no trouble reading it. Second is that the ActiveSync authentication between is not strong enough to ensure that the device connected is truly that device. Someone could fairly easily impersonate your device, connect to Activesync and have your desktop send it all your information.
The article goes on to explain how such an insecure feature made it into ActiveSync in the first place.
In the end, we may not agree with Microsoft’s decision but the article does shed some light on why the decision was made. And Mike does not rule out that a secure version of Wi-Fi Sync could be back in a future version (just don’t ask him when).