Maemo is not a quick paint job. It does not come with any open ports by default (note that this is not really a hard job any longer; you'll have to recheck your assumptions about "Linux systems with all the standard security issues", since Ubuntu does not come with a default root password nor open ports by default). Of course, preventing the user himself to do something with the device is against what Maemo is, so hopefully we're not going to see any of that ugly "nanny operating system" stuff.