Basically, if you have never applied a security policy to the phone, then it will ask the person who stole it if they want it to be wiped….
That is very strange.
These two posts explain it http://blogs.technet.com/sbs/archive/2007/01/11/remote-wiping-a-device-with-no-user-input.aspx
You get the options to Block, and Delete, but no option to wipe.
ATM I can’t get a security policy to push out to an iphone…. guess I will have to research some more.
Michael Ellerbeck 
If you are using Exchange 2003 then by making one change on the server you can change the “Block” into “Wipe”. Do the following: open up System Manager on the Exchange Server, expand Global Settings and right click on Mobile Services and choose Properties. Click on Device Security Settings and check Enforce Password on Device and also check Wipe Device After Failed (Attempts). I entered 999 in the attempts box since I don’t really care about that right now. Click Apply and OK to close it out. Now this will also push a requirement to your iPhone the next time you turn it on to have you set up a four digit passcode lock. You have to enter this passcode lock every time you turn on your iPhone unless you change the settings like I did so I only have to enter the code if the device has been off for 4 hours or more. That isn’t too much of a hassle. After you set up your passcode, go into your Exchange Mobile Sync Settings, click on Remote Wipe and then look up your iPhone. It should now say Wipe instead of Block.
I should also mention that I have not yet tried to remote wipe my iPhone! Use the above at your own risk. 🙂
Bob is right. I followed his suggestion and the wipe option did come up. the problem is after clicking on the wipe, it does not wipe.
the remote device wipe page does kindly show wipe initiated and sent to device. but, the dev does not get wipe at all. the only thing i notice is the sync is broke now. so, to me, it is more like a block instead of wipe.
any suggestions?