To improve security on the N900 for web browsing, we need to do 2 things. First we need to make sure the root certificate store is up-to-date (CSSU has it in maemo-security-certman repo so we need to update it there if there is anything that needs doing to that repo) and secondly we need to upgrade/fix/improve nss inside microb-engine (and make the relavent changes to microb-engine as well). Its definatly possible in that all the relavent bits are 100% FOSS, it just needs someone that understands Gecko, NSS and microb-engine who can do the work