Thread: ssh-ing into N900 as user
trbs
2010-08-05 , 20:21
Posts: 25 | Thanked: 27 times | Joined on Oct 2009 @ Amsterdam
#5
Using a plain password on a Maemo device is vulnerable.
It does not use shadow password files and the default crypto is a very weak Traditional DES encryption which is very easy to break. Since passwords are limited to max 8 characters it also does not matter how large or 'strong' you make your passwords.
/etc/passwd is readable for everybody, so basically anyone that can get a hold of your device for 5 mins can email/copy the passwd file and use a bruteforce cracker to find your passwords in a matter of hours.
The only thing that I could recommend is keeping your /etc/passwd file empty (aka do not use passwd) and instead copy your ssh public key to the device and use that for logging in remotely.
p.s. sorry for bumping this thread... forum uses MM-DD-YYYY which is extremely confusing...
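An audit for the exposure described in the post above, as an added example that is not part of the original post: it reads passwd-format text and reports accounts whose password hash sits in the world-readable file, calling out traditional DES entries. The sample entries and the function names are constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: 2-char salt + 11-char hash = 13 chars.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format "$id$..." used by newer schemes (e.g. $1$ is MD5-crypt).
MCF_RE = re.compile(r"^\$([0-9a-z]+)\$")

# Constructed sample; the 13-character string is a placeholder, not a real hash.
SAMPLE = """\
root:ab0123456789.:0:0:root:/root:/bin/sh
user:!:1000:1000::/home/user:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
guest::1001:1001::/home/guest:/bin/sh
svc:x:1002:1002::/home/svc:/bin/sh
"""

def classify(field):
    """Classify the password (second) field of a passwd(5) entry."""
    if field == "x":
        return "shadowed"   # hash is kept in /etc/shadow instead
    if field == "":
        return "empty"      # account may be usable without a password
    if field[0] in "!*":
        return "locked"     # no password hashes to this value
    if DES_RE.match(field):
        return "des-crypt"
    m = MCF_RE.match(field)
    return "mcf-" + m.group(1) if m else "unknown"

def audit_passwd(text):
    """Return (user, kind, note) for every entry that needs attention."""
    notes = {
        "des-crypt": "DES hash readable by every local user; "
                     "only the first 8 password characters are used",
        "empty": "account may be usable without a password",
        "unknown": "unrecognised value in the password field",
    }
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 7:
            continue  # blank, comment or malformed line
        user, kind = parts[0], classify(parts[1])
        if kind.startswith("mcf-"):
            findings.append((user, kind, "hash readable by every local user"))
        elif kind in notes:
            findings.append((user, kind, notes[kind]))
    return findings

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE):
        print(*finding, sep=": ")
```

To check a real device, pass the contents of its `/etc/passwd` to `audit_passwd` instead of `SAMPLE`.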