It depends how you define "secure." There are numerous weaknesses of 2G (GSM) security that were addressed in the 3G (UMTS) standards. The major ones: 1) GSM supports one-way authentication only (handset to network), so man-in-the-middle attacks are possible; 2) encryption is optional, and when turned on by the carrier, only covers the air interface between the phone and the basestation, leaving base transceiver station (BTS) to base station controller (BSC) connections, often a microwave links, effectively unprotected; 3) GSM encryption keys are not long enough to make brute force attacks impractical (A5/1, the strongest version of GSM encryption, has a 64-bit key); 4) GSM does not support data integrity protection, making false BTS attacks like Paget's DEFCON demo possible; and 5) encryption keys and authentication data are transmitted in the clear within a network and between networks when the phone is roaming. (Ref.: 3GPP TS 33.120, 3GPP TS 21.133).

A 3G-only phone isn't susceptible to attacks that attempt to coerce a handset into 2G operation and exploit the weaknesses of GSM security. However, UMTS networks, because they're packet-based, still have to contend with DoS attacks and other Internet headaches.