allnameswereout
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#24
Originally Posted by Laughing Man
The thing about the ssh hole is that a lot of people jailbroke their phones without understanding what the process did. Anyone that knowingly installs ssh usually will realize to change your password (or disable password authentication) and use keys. I believe that's more dangerous than an inherently open system (as long as people are willing to learn.. that seems to be the issue these days).
Or Debian's OpenSSH key debacle. In both cases it was the package maintainer's fault instead of upstream's. Because when installing the software, the system should by default protect the user and only at their explicit authentication do something Very Stupid (like enable a user account with default username/password; pathetic this still happens TBH!). If the method the user uses to do this something Very Stupid is one of the normal pathways, it'll warn. Like for example, the user installs the SSH server package. But if the user takes different paths, say compiles and installs their own SSH server or plays with /etc/pam.*, then that is their responsibility.

The difference between Maemo and Symbian is that Symbian would only allow signed binaries, and that these binaries have several capabilities defined which a user is reasonably able to understand. Linux, and *BSD, can provide something akin to this, but the OSes were not designed from the ground up with this design in mind.

We have some Brainstorms related to this issue btw, and Nokia has some plans too for Maemo 6. See wiki page Maemo Security.
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!