The following article is interesting. NetworkWorld interviewed a couple of folks about VoIP security. I liked a lot of the comments made by Lawrence Orans from Gartner.
Lawrence echoed the point I made in a previous post that as with email, most customers won't bother with encryption. Most people don't encrypt emails, instant messages, and probably not VoIP, at least until they are the victim of an attack.
Lawrence also makes an interesting point about voice SPAM/SPIT, in that while we will see it, its a different model than email SPAM. With email SPAM, you get the message and you can immediately click on a URL to get to the product or service being offered. With voice SPAM, the message may be in your mail box and whether it references a phone number or URL, it is something you would have to write down and use later. I agree with him that very few people would bother with this.