Maemo is based on Debian, which uses DEB-packages, which do not have embedded cryptographic signatures (like RPM packages usually have); so from where ever you install outside of the repositories you take extra risks and you cannot find anyone in responsible of possible Trojan horses.