"Eavesdropping is one example of an overhyped threat," said Lawrence Orans, a researcher with Gartner, in a previous interview. "Sure, it’s technically possible to execute a man-in-the-middle attack and capture packets. The reason that we hear so much about eavesdropping is that it really does illicit this visceral reaction. The main thing is to focus on the greater threats, for example attacking an IP PBX server itself." (more)
Every element of VoIP security is synergistically important.
My advice; think holistic. ~Kevin
