The way Android is structured, some apps are in a read-write filesystem and can be uninstalled, some are in 'ROM' (a read-only filesystem in the flash that is only modified when you do a firmware update) and so can't be uninstalled. As of Android 4, they can be hidden from the UI, but they're still there (and there have been instances where 'disabled' apps still had exploitable vulnerabilities).
I'd love to be able to buy an Android tablet with an absolute minimum of things in the ROM image and everything else installed in an upgradeable form.
When you're talking about completely independent jurisdictions then the tax is covered by trade treaties. You either need to pay import / export duties, or there is a treaty that waives them. Taxes in one jurisdiction don't apply to people in another. The situation in the EU, for example, is that member countries agree to waive all import duties on goods from each other, but in exchange they charge VAT on all sales, even those destined for export, at the same rate, and those rates are harmonised such that they don't differ enough between member states to provide a strong economic incentive to buy things from the cheapest one.
When you're talking about a single jurisdiction, it's somewhat different. The states in the USA are explicitly (by the constitution) prohibited from imposing import duties on things coming from other states, so there's no simple way for an individual states to work around the race to the bottom that happens when one state starts having lower sales taxes than another.
One of the more interesting bits of malware I've seen recently ran in the controller for USB keyboards. These things have 128KB of flash, of which about 10KB was free. That was enough for a keylogger that was triggered by certain stimuli (e.g. power just turned on, 'su' typed) to record short segments, and which would dump its buffer into a special USB device plugged into the USB hub on the back of the keyboard. You could install a load of them in an office somewhere and just have a cleaner come around and plug things into the backs as he went around the room.
For a decade or so, flash has been cheap enough to use as a replacement for ROM and the benefits are obvious to a hardware manufacturer. You can delay ROM programming until after final assembly, giving you a shorter time to market and you can do bug fixes in the field. Both of these mean that you want to have a bit more flash capacity than you actually need, because either you don't know the final firmware size when you spec the device, or you might want to add some features later.
Firewire yes. Firewire can muck around with system RAM directly.
Well, not exactly. It is possible to configure a FireWire controller's DMA access to have full access to the system RAM. Apple does this so that you can use an iPod to get crash dumps (then disables it because it's a security hole, then reopens it in the next release because sysadmins complain that they can't get crash dumps, then disables it because...). You'll typically have an IOMMU between the FireWire chip and the system RAM though, so it's possible for the host to restrict this access.
USB cannot it all has to go via the CPU.
Modern USB controllers also support DMA. If there's a bug in the controller firmware, then this could be exploited to allow device-initiated, rather than driver-initiated, DMA.
Murphy's Law, that brash proletarian restatement of Godel's Theorem. -- Thomas Pynchon, "Gravity's Rainbow"