I doubt we'll have to worry about PR1.3 introducing nAds support.

As for spyware, I'm sure it's possible. One of the nice parts about the garage system though is that it builds the debs from the source in the garage. So if you want to, you can always look at the code. I suspect if something like that were to happen, eventually it would be picked up (like the MyNokia thing was) and a huge stink would be raised about it, with proof in the form of source code.

As for reviewing, I know I looked through the code in the garage for a few apps I was "worried" about that need passwords (for things like IM services and the like). I'm sure most don't bother, but there are at least a few people on here that tend to do that, which is often enough to catch something like this early on.

I also think most people here are developing for the N900 because they have one, and want to make the device/community/experience richer. Not just developing to make themselves richer, like on other socially popular commercial platforms. It's a different mind set, and because of that the risk is lower.