Yeah it's a bit worrying that the flaws are clearly in the open and ready to be exploited. Safari has a zero-day exploit that bypasses the code-signing. It's not alone of course, Firefox 3 and IE8 have similar exploits:http://www.youtube.com/watch?v=46114zQiVgg
Safari exploit to run code > enable ssh
Then you can do whatever you want as root. So much for the sandbox.
In some ways, I quite like that it's not difficult to do as the jailbreak tools were a bit worrying when the device just went black but I don't like security holes that others can maliciously exploit.