the problem with smartpone security is not root access. It is user data access, which are obviously not prevented in any way by running programms as user and not root.
This is also true for a linux box, because it only depends on the fact that critical informations are stored on the device unencrypted.
This is should be managed by a security framework, sandboxing applications and restricting API, and this is completely absent from the N900.
You may have to check, but it's fairly possible that recording the screen and the mic can be done with user privileges.
Also, because the kernel is unmaintained, sudoers list is most likely not the only way to get root level anymore (possible security breaches).

So it's more like youre average 2 years old system, without the security framework.