It’s a bug that’s likely going away soon, but for the time being, you can get at a locked iPhone’s contact list, and a few other apps, using a fake-out of the phone’s “Emergency call” feature.
If you press the “Emergency call” button on a phone that’s locked by passcode, you’ll get a dialer. Dial a fake number, then as soon as the red buttton allowing a hang-up appears, press the sleep button on the top of the iPhone. You’re brought to the phone’s contact list, and from there, you can launch the phone’s real dialer, share contacts through email (and then re-write the email to whomever you’d like), and get at the multi-tasking apps running, although they won’t all work.
The exploit, now widely published, appears to work on iPhones running the latest iOS 4.1 firmware, but it’s reportedly been fixed in beta developer releases now out. It’s definitely something that mean-minded folks could exploit, so keep it in mind when you’re out and about with your iPhone.