I wonder if it would be against the NDA to write and distribute a targeted parser/rewriter that transforms a particular bit of FOSS code to something that runs on the iPhone?
You wouldn't be distributing your iPhone app's code. You wouldn't be distributing the FOSS code -- presumably it's already being distributed by someone else. What you would be distributing the source code for wouldn't be running on the iPhone.
I see two major flaws with this approach. First, it's invasive. You have to open an additional hole in your network to allow traffic into the app, which makes your network inherently less secure. Second, unless you do an audit of the source, there are no guarantees as to the security of the app itself. This app of unknown reliability would be acting as a 24/7 gatekeeper into your network.
You could hide it behind a VPN, I guess, but that kinda defeats the purpose of secure shell.
Not really. OpenSSH is a battle-tested ssh server. You can be reasonably sure that opening it to the world will not compromise your network. Not so of this ajax ssh app. Basically it's a question of exposure. Am I comfortable exposing OpenSSH? Yes. Ajax ssh app? No way. Not without further testing and widespread acceptance.