The Android App:
The Android app is actually an Android service running in the background that gets started at boot. THERE IS NO INTERACTION REQUIRED! The app you see is simply there so you can exit the service and send some simple serial commands for auxiliary functions, but you never need to touch the phone to lock/unlock your car. THAT'S THE WHOLE POINT.
The car does NOT simply unlock when it is in Bluetooth range. It establishes a secure connection to a phone that was previously paired with a PIN code. Additionally, the Bluetooth modem is only looking for MY particular MAC, upon which it requests a passkey. I would argue that 99.9% of street criminals are not familiar with man-in-the-middle attacks and do not carry around the equipment to pull this off. In fact, most people who would be able to do this probably have a very well-paid job.
Regardless, I do see the concerns.
Since it is the BlueSMiRF modem, which is powered by the vehicle, that looks for my phone, my phone will not use any more battery than usual when away from the car. Once you get close and the devices are connected, the battery will drain, but only until I start my vehicle. When I start the vehicle, the Arduino will send the command to disconnect and actually turn off the Bluetooth modem. Once the ignition is off, the BT modem is turned back on.
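The connection and power behaviour described above, reduced to one decision function, as an added example that is not the author's Arduino sketch. Locking again when the link drops, leaving the locks untouched while driving, and the MAC value are assumptions; pin wiring and modem commands are omitted.

```cpp
#include <cstring>

// Added illustration of the controller logic; all names here are hypothetical.
enum class Lock { Locked, Unlocked };

struct Inputs {
    bool ignition_on;         // ignition sense line
    bool link_up;             // modem reports an active connection
    bool link_authenticated;  // link was set up from the stored PIN pairing
    const char* peer_mac;     // address of the connected device, or nullptr
};

struct Outputs {
    bool modem_powered;       // keep the Bluetooth modem supplied
    bool send_disconnect;     // ask the modem to drop the current link
    Lock lock;                // requested door lock state
};

// Constructed placeholder, not a real device address.
static const char* kOwnerMac = "00:11:22:33:44:55";

Outputs step(const Inputs& in, Lock current) {
    Outputs out{true, false, current};
    if (in.ignition_on) {
        // Engine running: drop the link and power the modem down.
        // Assumption: the lock state is left as it was.
        out.send_disconnect = in.link_up;
        out.modem_powered = false;
        return out;
    }
    // Ignition off: the modem stays on and looks for the owner's phone.
    // The MAC match is only a filter; the paired (PIN) link is what
    // authenticates, so both must hold or the car stays locked.
    bool owner = in.link_up && in.link_authenticated &&
                 in.peer_mac != nullptr &&
                 std::strcmp(in.peer_mac, kOwnerMac) == 0;
    out.lock = owner ? Lock::Unlocked : Lock::Locked;  // fail closed
    return out;
}
```

On real hardware, `step` would be called from `loop()` with the inputs read from the ignition line and the modem's status.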
Q: "What happens when your phone dies?" - You should call a friend to bring your spare keys. Ohh wait... Kidding aside, this is a very good question, and my thoughts are the following: have an RFID tag on the back of your phone that is read through the windshield. Perhaps have a secret micro-USB charging outlet somewhere on the car, but I feel this is not very practical.
My solution was simpler: I have Tasker, which is a macro/automation program for Android, simply shut down my phone when the battery level is at 4%. I would only restart my phone when I am back at the car or if I need to dial 911.