Whether people are adopting VDI as supplemental support for the transition to first-class web/mobile workflow might be interesting during the transition, but the end result is the same.

Making BYOD work means building an enterprise that needs far, far fewer Windows desktop "seats" than they do today.

VDI has a strong value proposition as a solution for those remaining seats, but that number is going to be very, very small compared to what people deal with today.

In the long term there are potentially other technological solutions to these issues.

Evolutions in sandboxing (broadly construed, everything from what we see with mobile apps up to full virtualization) may give us a point at which an IT department can, for most businesses/purposes, reasonably satisfy itself of the security of the "enterprise apps" running on a non-malicious employee's laptop, without completely taking over the system image.

Precisely. When VNC (for example) is the only way company secrets ever reach your machine, said machine does not need to be as trusted.

As with DRM - you can't make data accessible to an untrusted client and retain any control over how it might be (mis)used.

Anyone telling you that you can, is selling something.

VDI and VNC might make a certain class of contemporary malicious use/programs less convenient, but malicious code and habits will change far, far faster than enterprise architecture.

Obviously sophisticated screenreading software could extract secrets through VNC, or malware could be entered via keyboard.

But the "VNC gap" immediately obviates the risk of unsophisticated attacks. No more viruses spreading over SMB. Rather limited bandwidth (preventing raw copies of The Hobbit in 4k from being ripped via VNC).

It isn't bulletproof, but you can't pretend it doesn't help.