Do you really mean to tell me you think we've got not one, but two testing processes each so bulletproof that a Trojan couldn't make it through, and Apple and Google are what, simply incompetent? Keep in mind we have two completely independent routes to the device -- the community option where apps go through extras-testing->testers->extras, and the Ovi store (I've no clue what sort of QC Ovi imposes on that side), and an attacker can pick whichever is less secure.

We're Trojan-free for one reason, and that's because we are not popular enough to be worth attacking. Compared with Android's capabilities-based security, we're really not even trying. (I'm not complaining here -- I'd rather not have that security layer in the way -- but facts are facts.)