Still, some "real" replacement for DES lock code (resembling modern BIOS codes in notebooks) would be nice to have. Sure, current approach with disabling need for code after reflash is useful, for people that forget code they've set - but, having reflash-persistent way of locking device, as something between (security-wise) current lock code, and encrypting everything with truecrypt (most secure, but less resource-friendly) could be useful.

But, that would require using write-only parts of NAND, and it's probably out of scope for most coders. Using TrueCrypt is less troublesome to implement, and more secure (sacrificing performance a little, if You decide to crypt everything).

/Estel


// Edit

Of course, totally agree with NIN101, that best way is to store "sensitive" data only on encrypted parts (thus, avoiding encrypting everything), or avoiding storing such data in mobile device, is best approach.

Honestly, I doubt the latter method (avoiding) - considering, how our n900 is a real computer.