Perhaps this is related to people adding a custom cab or registry fix to disable the Exchange lock policy. Certain companies, ours included, push out a default lock policy that will lock the phone and force a PIN to be entered to unlock it after a certain amount of time e.g. 15 minutes of inactivity. Normally the end-user cannot undo / remove this policy. There is a registry tweak and cab out there to circumvent the policy though
If the IT security group at the company detect this, then that would most certainly present a problem for the employee. Perhaps this is what you may have read about in the past???