Let me just prefix this by saying I don't do any of what I've written below, I'm quite apathetic really.

I guess ultimately there are really just two big issues that most of us would care to worry about.

1. Code that intentionally damages your data.
2. Applications that make use of networking features to benefit from your data. (Spyware mainly)

How to mitigate these problems:

1. Anti-virus / anti-spyware and so on. Scan your N900 filesystem over sshfs, NFS, CIFS, or whatever protocol you have handy that gives your scanner full access.

Additionally look around for rootkit detection or preventative measures. Maybe also contemplate running clamav.

2. Install iptables, tcpdump, wireshark, nmap, and various other networking odds and ends, then monitor for a while. If you see anything you don't like, kill it.

Linux. It comes with an almost infinitely steep learning curve : )