I don't know how good the password protection is and where it is stored. It is, for example, possible, to boot an IT from a SD-Card. Is this blocked by a password?
Is the filesystem mountable without the password?

For the rest: I believe it is a huge advantage, that the ITs are linux based.

Some random thoughts:
Concerning the emails, that woman should choose a mail provider which allows ssl-encrypted connections for sending and receiving, so even *if* there was a sniffer on the network, it would be useless to sniff the traffic.

These emails should be fetched with a mail client that saves the ssl certificate (claws mail does that for example, and it is capable of imap4-mailboxes with ~20000 mails in it). After the ssl certificate is saved, man-in-the-middle attacks are useless (as they would offer a "changed" certificate. (man-in-the-middle attack is roughly: The intruder sits on your network and watches you wanting a ssl connection to mail.provider.net. He cuts your connection but offers you *his* ssl-certificate, boasting to be mail.provider.net. The victim believes it is the certificate of his provider, accepts it and has a secure connection... to the attacker, who decodes the traffic and re-encodes it for the *true* provider, so the victim won't notice anything... except that the certificate changed...))

I don't know how well GTalk is encrypted and whether you can access it per https, but it might be worth to consider data connections via cell phone instead of wlans (but you might get a trojan on the cell phone...)

Oh, the cell phone should be as simple as possible, no symbian os or windows mobile, no camera... the less "os" the less trojanizing opportunities ;-)


/EDIT: http://www.internettablettalk.com/fo...ad.php?t=15742
discusses booting from a fully encrypted partition - so the whole file system can't be read with the IT off