What???

While quickly caught by Apple,

Quickly, as in "Damn, we just read about this on the internet, we better pull it before ATT starts crying like a kid at the grocery store whose mother won't let him buy a candy bar!"

Handy Light has raised questions of security at the App Store. By burying functions, less benign apps could potentially unleash malware or other unwanted content.

Um, right. This is the same thing most people have been saying against the "Apple will protect us!" AppStore proponents. h***, they could just shove a "Turn on these functions starting on day x**" kind of thing, let alone 'number of uses' or 'time of day' or simply 'connect to web site, see if page tells me to turn on spam application'.

Which also should make one wary of ever putting an ATT sponsored app on their phone. I could see them putting in a bunch of "download this 10MB file every hour" type of background process to run up your data usage and cause you to pay higher fees.

Apple screening processes are nominally set up to catch both security threats and rule violations, though the process has not been perfect.

Apple's screening process is set up to make sure the apps don't crash on launch, don't call 'hidden' APIs, doesn't contain really bad words or images and, if it does, it is marked for the proper age group, and stuff like that. There's no way Apple can verify what the software is actually doing unless it actually gets the source code and compiles it themselves. They could try to reverse engineer the code, but that would violate the DMCA, wouldn't it?