Boox devices are riddled with phone home to all sorts of domains, including to .cn domains, just run tcpdump on your firewall and watch. You should do absolutely nothing security conscious with them. For example, like putting keys on them, or sshing into a box with them.

At least with vnc, you could create a private network between the boox and your linux box, and it'd be sharing the screen. Still an issue, but passwords and hidden fields would be typed on the keyboard on the Linux box, not the boox.

I rooted mine, and installed afwall, and still won't ever used it for anything security conscious.