That's great, in theory, but the published code is what the community can review, not the binaries. I suspect that, even here, few individuals recompile apps after inspecting the source code.

Thus it is not community review but trusted sites that is the key. Open source allows a trusted site to recompile binaries and verify that they match the developer's compiled binaries. They can also review the code and run it past malware scanners. I would hope that sites such as Maemo do this on a regular basis.

Linux is in no way malware free. It's enough of a problem that there's a Wikipedia article on it with many other articles discussing the particular nasties that have been found:

http://en.wikipedia.org/wiki/List_of...mputer_viruses