That message is to allow additional permissions to enable remote wipe and password enforcement by Exchange. I can definitely say that if you are getting that message, you DO have some sort of password policies in place - check again. I have been messing with the email app for a few weeks, and am the admin of an exchange server at my job - I initially had no security policies whatsoever on the server. This condition will only allow an admin to "block" syncing of a particular phone. Once you enable some policies, this additional service has to kick in on your phone, to allow remote wipe, lockscreen pw enforcement, etc.. This is all working perfectly for syncing between my droid and my server.
I would not expect this function to be change in CM - this is working as intended as far as I know, and should be a boon for people wanting to use their Android in place of the customary boring winmo and blackberry phones. This was added I believe about a week ago - see this: github commit
I am willing to look into actual issues with this, though at this time we run Exchange 2003sp2, so any problems specific to 2007 or 2010 I may not be able to assist with.