Another apparently negative packet capture.
Reports were positive enough that I felt comfortable giving this a try... This is with the first app posted, not the revised one, and run on 2.1.02 firmware.
I have a Linux-based border router/firewall between my home network and the world. I ran tcpdump(1) with options to capture anything passing through with my Archos 43's IP address.
I started the first capture, and installed and ran the root app. I stopped the capture, restarted it, then connected to Google Market.
I can't find any malicious connections in either trace. Lots of traffic to Google, ntp queries and huge amounts of ARP spam, but nothing odd or suspicious.
For those running Wireshark, or another compatible analyzer, I've attached the two (zipped) capture files. (Don't complain to me if you don't know how to open them.)
I'll be happier once someone has disassembled the ls binary, but it's looking more and more legit.
grnbrg.