Trivial maybe in 2009, but now future life of N900 depends on them (gcc/libstdc++...).
Seeing a build process of something that includes malicious .so helps how exactly?
Can't fully agree. It's not the case of apt-get upgrade or dist-upgrade - package mentioned in first post is a dependency of many other packages, so, even upgrading "theoretically" safe thing like NES or PS emulator (which one agrees to download from -devel, due to trust for developer), people will get broken system core package, without fault on side from developer of mentioned emulator!