Of all the talk about the Stagefright exploit, its most sinister aspect is the delivery: all it takes is the phone number of the target. An MMS is sent to the victim with the payload as part of a video, and the attack takes over even if the message is not read by the user. Worse, elevated privileges mean any trace of the attack can be removed before the user is aware of the problem.
I'm currently tracking the Stagefright exploit on Android with considerable interest (and, I'll admit, a modicum of trepidation). While I think many of the fears about widespread attacks on the "billions" of Android devices are largely unfounded, I also think the exploit is simple enough and thus serious enough to warrant attention from Android users.