If you’ve been following some of the work on the predevwiki site, you may have noticed a recent post (http://predev.wikidot.com/installing-apps-without-rooting) about how email links can be used to install arbitrary packages to Pre. The issue has been corrected and an update is available, and we encourage all customers to apply the update at their earliest convenience.
This is a good opportunity to point people to http://www.palm.com/us/company/security/index.html on our web site. We have contact information there for reporting security-related issues and appreciate it when people reach out to us. We try to stay on top of the forums and sites, but proactive notification helps make webOS a better and safer platform. We always appreciate the work the developer community does and the efforts made by folks to report such issues.
Chief Security Architect, Palm Inc.