Interesting Apple security news is being reported today. Apparently some Apple devices have been hijacked via Apple's "Find My iPhone" feature. How? Likely via poorly defended iCloud accounts, i.e., iCloud accounts with weak passwords.
Once you have access to iCloud, you have access to the Find My iPhone's "Lost Mode", which can be used to lock associated devices and send messages such as "Reward if found! Call this number."
Or then it could be an extortion attempt.
Here's an example from a German colleague's iPhone:
According to the sources linked above, "Oleg Pliss" is demanding money to a PayPal account. If the iPhone user has a passcode, they can unlock their device. If they don't have a passcode set… then they have a problem.
It's also worth mentioning the Find My iPhone feature includes a "Delete" option. Besides extortion, your iPhone can also be burned. And remember too that iCloud provides access to contacts and calendars.
So… besides enabling a passcode, you should also be using a strong and unique password for your Apple/iCloud/iTunes account. Sure, it will be annoying to input when you want to buy an app — but that's the price you'll need to pay.