Yeah, I didn't think that would be the case (licensing). My guess is that they've got some unfinished windows update stub programming in Windows Mobile 5 that would let them bootstrap an update procedure if they really needed to. While I'm no hacker, it seems like Windows Mobile is probably riddled with security holes, but nobody's really targeted it yet, so we're not yet pressured to secure them.
After all, what is the codebase for Windows Mobile 5? It's not NT/XP based (that'd be 'Windows XP Embedded'). If it's Windows CE then I'm sure it's full of crufty coding (given the age of the codebase). Dunno. It is interesting behavior tho.
-Zeke
_________________________
WWFSMD?