1. SSH is not something a normal jailbreaker would install these days. In the early days of jailbreaking, yes, you’d need SSH to get apps onto the thing. Nowadays, almost nobody bothers with it. blackra1n and the like install Cydia, which gives you access to loads of apps. SSH is entirely not required.

2. Jailbreaking disables code signing enforcement, yes, but that isn’t what makes the device “secure”. That’s what makes it “controlled” by Apple. That is all it really does. An exploit could feasibly exist in any application, signed or not, that would allow for remote arbitrary code execution. Apple is signing based on their terms of service and their own guidelines. They’re not security auditing every single piece of code that is in an iPhone application.

It’s only a matter of time before somebody discovers and uses a vulnerability in an AppStore app, and then being jailbroken or not won’t make any difference. The only difference will be whether you have the app in question or not.

1. Many people with jailbroken iPhones did not do the jailbreak themselves. They have no idea if SSH is enabled having probably never heard of SSH. And they have no idea how to set the root password. They went to a friend or a vendor and had their iPhone jailbroken so they could modify the UI or pirate apps from app store. They are not technically inclined.

2. Even if you close off this security hole, you are still more vulnerable than the population of un-jailbroken iPhones. As Dino Dai Zovi who is a security researcher says (via Daring Fireball) , “Also, remember that jailbreaking your iPhone disables code signing enforcement. That’€™s the thing that makes exploits so hard on iPhone.” You are basically opening up a potential security hole when you jailbreak. No one can predict if more exploits are coming but given the history of malware, it is hard to believe that it won’t happen.