The stuff you download from the repo is already compiled. Nobody guarantees that there isn't a backdoor. You can compare the repo with a closed source download. Even on Open Source projects, not everyone verifys that the packet which he has download wasn't replaced during a MITM-Attack(yeah I know, paranoid). And of course nearly nobody has the time to read a source code of a program fully (and undertand it). And not everyone has the skills to find a good backdoor. So you are not really protected against a good backdoor. Of course, in OpenSource projects it's still more unlikely than in closed source software.

Personally, I don't store passwords in microb/firefox. If so, then only with a master password. I encrypted the whole MyDocs partition with TrueCrypt. I moved the phonebook, SMS database, $HOME/.mozilla etc. into it. I also enabled the lock key for protection, because all my data would be accessable when the phone isn't off. So if my phone gets stolen, "they" can't access most of my personal files. The one thing they can do is to reflash the device, crack the DES lock code and have fun with it.

Oh, if you use some passwords in GUI applications, make sure that this auto complete stuff is deactivated, because it will probably store it in /home/user/.osso/dictionaries/.personal.dictionary. It was a nice awakening when I found out about it :-).