Capability-based security and signed binaries. Oh, wait...

IMO one big issue is when Gecko engine isn't updated anymore. Or its plugins, like Flash. Or just lack of Maemo security updates in general.

My Nokia N900 will be behind NAT a lot, so I'm not so afraid for services being exploited. Because worms exploit services they're not an issue. Trojan horses via e-mail, or malicious web content are the culprits I foresee.

Plus, at some point those who kept ranting about Symbian's 'horrible' certificate-based signed binaries and capability-based security will see the other side of the blade: the disadvantage of the lack thereof.