Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#78
Uh, yeah, that is the other part which goes hand in hand with signed binaries: the great capability-based security Symbian has. If you install an application in Symbian you can check the signature (and Symbian does itself too), and you can check the capabilities it requires. Actually, by default on E-Series, you will only be able to run executables signed by Symbian Foundation (this is a bit like an App Store jail), although one can enable self-signed binaries.

Linux (by default) lacks capability-based security, although there are various ACL implementations (not the same as capability-based security, but they try to be); it is mentioned in slide 6:

Principle of least privileges
Every application should be able to access only limited set of needed resources
This is a feature Symbian has, and Linux does not (by default), and getting something akin to it enabled and working well takes a lot of effort. Especially all those policies. This is also a reason why N900/Maemo 5 is not ready for the masses. Yet... also, capability-based security asks the user for interaction to decide. This shifts control and responsibility to the user.

Trojan repositories are just one vector btw. There are more. Intentional programming errors, for example. Or unpatched vulnerabilities in Flash or Gecko, which are patched by upstream but not backported by Nokia ...
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!