Thanks for the link allnameswereout, there are slides on there and stuff!
Most people will probably stay in closed mode which seems pretty good security-wise if only downloading stuff from Ovi.

Now theres just the issue of browser or e-mail or other client exploits
As we have seen with all the iphone jailbreaking, they are basically exploiting the browser or some client, so it is safe to assume there will be the same issues with MeeGo/Harmattan.

I liked aegis manifest file for declaring what you are going to use in your app (that info could come up as a popup and warn the user about the capabilities the app will have if they choose to continue installation)
Oh and the protected storage.. hopefully email, sms and mms will be in protected storage (but that would make that data inaccessable in open mode though)

As you said allnameswereout theres still a big need for sandboxing or better/simpler ACLs (capability-based like apparmor) for each app (based on the aegis manifest perhaps?)