To be honest, my experience with apps is minimal at best. I'm mostly a site designer and programmer. I'm sure there's a way to open an SSL connection and do a post, however - it's such a basic communication method. Since Authorize.net's AIM method requires doing that very thing, you might try digging through the iPhone SDK and finding the communication portion of the code.
On Simple Checkout - it's very simple. There are no customization features to speak of, and if you want to do that sort of thing, your best bet is to set up SIM or DPM on your web site, and just send whatever non-secure info you already have from your app (amount being paid, name, address, phone number, whatever) to get things started, using POST or a query string in the URL depending on how much control you have over the browser. If using SIM, you'll then have the form auto submit to Authorize.net using Javascript, where the customer can fill out any remaining info (the list of fields can be customized in your Authorize.net control panel), and if using DPM, you'll prefill the appropriate fields on your custom form.
I wish I knew what the official guidelines for cell phone security are / will be. One would think that if the consumer is making a payment using an app on his own phone, he's responsible for its security just like if he were using a web browser on his personal computer, and you're only responsible for the security of the communication stream and the web site on the other end, but who knows? Mobile payment is relatively new and there doesn't seem to be a simple set of guidelines I can reference.
Yes, the ready-made IOS code is secure. It just requires registering every phone, which doesn't sound like what you need.