This discussion is somewhat silly. The Nokia Internet Tablets (NITs) are generally secure because they are not ran by many people as mentioned before. Additionally, while a device can be attacked, there has to be a motive to a degree.

The NIT is not by default very accessible from the internet making a firewall a moot point. Any services installed later (such as SSH) come with inherent issues that a person should know about before installing those applications. However, without installing those additional applications, I don't think the NIT can be accessed remotely.

So, the only attack avenues left are local and application. The local aspect is additionally silly because if a person has your NIT then... they have your NIT! While there exists a way to lock the screen with a password, it isn't the most friendly thing possible (it doesn't support key/screen locking as well). Still, any files on an SD card would be accessible even if the device wasn't.

However, for remote attack, the only thing left is applications. New users won't dabble much with this, advanced users would prefer applications they can see the code for (open source), and malicious attackers don't have much of a way to get their information inside a program. True, they can port an application to a newer OS release and put malware in there at the same time, but the attacker would have to know the new OS. Besides, if the port release isn't open source with the original being open source, many folks would be very suspicious. However, any issues with applications apply to anything that runs programs such as any operating system.

The NIT isn't any less secure than it has to be. Fortunately, the NIT is Linux at the core so security related programs can be ported over. The NIT, like Windows Mobile and Palm, doesn't have a firewall or really a way of protecting from an attack... simply because there is nothing there to attack.

If you are carrying national security secret information on your device then you are rather foolish. If somebody wanted to attack you specifically with no limits to time or money spent on their part then they can succeed. However, as an individual, I assume you would want to protect your information just as adamantly.

There is a TON of people out there, most do not use the NIT. An attacker wants a maximum return of information from as much people as possible. Because of that, they will steer clear of the NIT, Linux, and other niche areas. It simply isn't worth their time since an attacker would find more success elsewhere.

Still, it is sad that this thread is becoming the subject of a Wikipedia edit war. Even though I am speaking from my own experiences, I would think that the other side of this argument (that NITs are insecure) should be sourced with something more reliable than another person's experiences (especially since the insecure argument isn't believed by many).

Ah well... I thought I would provide my 2 cent rant...