Since no Maemo originally shipped bash, you can be certainly sure no script is using it (unless you replaced /bin/sh with bash but I know for sure that didn't work on Fremantle). So it's also not exploitable.