George Ou of ZDNet reports that the 802.1X authentication techniques used on some Wi-Fi handsets may be vulnerable. The problem is that these handsets may not validate the certificate from the authentication server. This design choice speeds up roaming, but means that the handset could disclose user login credentials to a sophisticated, determined attacker. Ou suggests using WPA-PSK with a long password instead of 802.1X with these handsets.
Vocera’s documentation, which Ou references, has more depth on the performance trade-offs of various Wi-Fi security options.