With any Linux SSH if you are worried about security, I recommend disallowing root to login directly to the device. I don't have the N900 as I can't afford it, but I believe it uses openssh which would normally put the conf file in /etc/ssh/sshd_config. Set PermitRootLogin no in that file.

Since giving the default "user" account a password could mess up the phone's normal operation you would add a separate user, can call it ssh_user or something, to the device. Would also recommend using security keys if you're really that concerned and disable password ssh altogether. Add the ssh_user to your sudoers file or allow him to use "su" to get up to root.

After all, the N900 just runs Linux... and Linux is one of the most secure operating systems out there.. the security is there, you just might need to enable it and be careful not to impact the phone itself.