Does it have separation between baseband and application processors?
Otherwise any security hole in the baseband processor (rarely checked for, but very likely to exist) would compromise the whole machine.
Other than that, if it has a browser, it likely has security problems. Even if you sandbox the browser, the browser can exploit itself which is bad enough for most people.
Then there'S the problem of how tamper proof the device actually is. It likely has a wire wrapped around its insides, or perhaps some flexboard fullfilling the same purpose. If that's not done properly, it's possible to circumvent that, for example by short circuiting part of it.