As vulnerable as any other computer. I doubt most people do extensive analysis, so it's entirely possible. At the very least, programs that have their sources in the repository can be looked at whereas closed Android software can't.

For the N900 however, the smaller user base and slightly higher barrier for app creation generally makes mostly useless data sniffing apps not very valuable.

It could be worse, your OS could be spying on you for advertising purposes