Newer Windows and now iPhone's version of macOS X have some heap/mmap/base adresse randomisation built-in...

I think it would be very important to the platform's future to integrate such features as they don't cost much in terms of cpu cycles but saves a lot of headaches if a worm was to be written for it...
And we all know every platform has holes!

A project like grsecurity should be ported to the base kernel in time for Harmattan (hopefully grsec is not too x86 specific).

Other security measures are of course to be considered but this would really put a basic trust level on the system by stopping most remote attacks (granted this is not a server and won't get exploited through some php coding errors like it's most often the case).

If you think exploits only work on servers, think again!
People are hacking servers to modify them so they can then trigger exploits in the clients visiting the server, this solution would result in your application crashing, but that's all, your n900 will not be owned by some remote mob... This is very important as this platform contains everything that is personal in your life.