Your statement is not totally true (yes N900 didn't have many issues since it was IT nerds only device vs. N9 is more like commercial product). Its good that end users haven't noticed any malware in N9. But ovi store QA has already rejected or removed multiple malware applications from the store... so I wouldn't be surprised at all if someday at least deb packages from unknown origin would spread to user devices in some form of useful 'utility' or 'game'. Or some 'utility' or 'game' manages to hide itself long enough to spread in to high number of devices from the store. But yes, might be danger only in theory, then then again, I wouldn't leave possible exploit hole unpached in my ubuntu system just because I know that 'most likely' no deb packages would exploit that hole.