The device lock is decent; but if someone got your device, who knew Internet Tablets in particular and Linux in general, he might be able to get stuff off.

Known risk factors:

• Data on SD card
• Serial console enabled
• Running powerlaunch with default config
• Using factory passcode

Now I'm reaching, but figure I oughtta mention these guesses:

• Autoconnecting to WAPs and running ssh-server with easily guessable password
• Having trusted pairing with any BT device (whose MAC add. he might be able to get while/before he gets your N800)

Of course, there's always reflashing, and I think you can reflash the required parts of the device to gain access (e.g. enable serial console) without wiping the personal data, but few would know how.