Everything after you enter the password to your vnc server is unsecure (the windows session) so entering passwords via VNC isn't a good idea as long as you do not use a proper tunnel. Nowadays most routers are able to serve as VPN server, at least with custom firmware. The easiest way is to use a ssh-tunnel (that's also for windows).
You setup your home-machine's VNC to allow only localhost connections to be on the safe side, if you got problems with that try without but don't publish the port outside your private network. Ssh to your machine with forwarding the port from your home-machine to n900 with port +1 (you can use any port if it is not used yet but 5901 is just fine) as the default port is the same for the n900's 1st vnc-server (first VNC server gets 5900 second 5901 and so on).

syntax
ssh -L LocalPort:ServiceHost:ServicePort SSHID@SSHHost
for me this is
ssh -L 5901:myhost.dyndns.org:5900 chemist@myhost.dyndns.org

in ~/.ssh/config you may set this up as default so you don't need to type it everytime you connect to your home-machine.

Most routers are able to do dyndns.org keep alives for custom DNS entries for your IP (static and dynamic), it is a free service as long as you don't want special things.