It all really comes down to a simple equation:

User's power = user's responsibility

In the old days, dumb phones came preloaded with software. User had no power, and no responsibility. Devices were 100% as secure as the user could make them.

Then came companies like Rim and Apple that brought some amount of user control. A user had some access to their device, and could expose some aspects of it to malicious code.

With Android and the n900, the user is in nearly 100% control.

Now you can argue that the host OS should provide some level of "protection" against intentionally malicious code, but I submit that in the end, trying to secure a user's device while granting them control is a losing battle.

Why? Because at the end of the day, the user makes the call. If the user wants to install malware, they have the right.

All you can do is provide them with the tools to stay safe. Process and memory isolation, of course. Application-level firewalls. Logs. Warning dialogs. File and API permissions...

If they choose to use those tools, and think things through, they'll only get rooted if the system has its own exposed exploits.

If they click OK, OK, next... well...

With great power comes great responsibility, right?

*edit*

I just re-read this and it may be coming out wrong.

The only bad security is insufficient security.. where the user can't restrict access when he/she wants to.

I don't mean that application jails and warning dialogs are bad things... I just don't think they offer much security to users who are essentially intent on getting owned (through laziness or inattentiveness).