That´s right, you find it first
The buffer security check works using a cookie for any function that access local variables by reference. The __secutiry_check_cookie is a function that its added by the compiler before the return of this function anytime this situation appear.
The error link appears because, in order to use this secutiry check, you must first initialize the cookie by calling some function we are not using in our InitApplication (We are not using the Secutiry Buffer Check in GledPlay) and I guess it is not added in the Visual Studio's "Create smart device project for Pocket PC 2003"
Also, as you say, the compiler is using by default this check activated for PPC, and that´s why the error appears in PPC and not in PC.
If you like the subject, The Secutiry Buffer Check is described in this book; "Reversing: Secrets of Reverse Engineering" written by Eldad Eilam. Maybe you find it interesting.