I had a similar worry and started another thread because I didn't find this one. My suggestion would be, instead of just the secret, which is the address, to have another key, which is the authentication token. I am not sure if it would work with the technology and how you have central authentication on a distributed service, but something like a second key would dramatically increase the security. It is the basis for most security on the web: your email or username is the identifier, like the secret is in this case, and the password is the authentication token. Again, I don't know how it would work in practice, but ideally it would be good to limit the users who can access a file. So in the extremely unlikely case that they stumble across the secret, they would still not have access and would then have to try to brute-force the authentication token to gain access. Would a designated list of RSA public keys work? The original host whitelists an RSA key, and it automatically propagates to the peers? Sorry if I am suggesting stupid things; I have only a vague idea of how this all works. Cheers
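
The identifier-plus-token idea in the post above, sketched as an added example that is not part of the original post and not any product's code: the share secret only locates the share, and a separate per-peer token is proven by an HMAC challenge-response so it never crosses the wire. `ShareHost`, `respond`, `share_id_for` and the peer names are hypothetical, and the host is assumed to hand out tokens over some trusted channel.

```python
import hashlib
import hmac
import secrets
from typing import Optional

def share_id_for(share_secret: str) -> str:
    # The secret acts as the address/identifier, like a username.
    return hashlib.sha256(share_secret.encode()).hexdigest()

def respond(token: bytes, nonce: bytes, share_id: str) -> bytes:
    # Peer side: prove knowledge of the token without sending it.
    return hmac.new(token, nonce + share_id.encode(), hashlib.sha256).digest()

class ShareHost:
    def __init__(self, share_secret: str):
        self.share_id = share_id_for(share_secret)
        self.tokens = {}   # peer name -> 32-byte authentication token
        self.pending = {}  # peer name -> outstanding single-use nonce

    def enroll(self, peer: str) -> bytes:
        # Assumption: the returned token reaches the peer out of band.
        self.tokens[peer] = secrets.token_bytes(32)
        return self.tokens[peer]

    def revoke(self, peer: str) -> None:
        self.tokens.pop(peer, None)
        self.pending.pop(peer, None)

    def challenge(self, share_id: str, peer: str) -> Optional[bytes]:
        known = hmac.compare_digest(share_id.encode(), self.share_id.encode())
        if not known or peer not in self.tokens:
            return None
        self.pending[peer] = secrets.token_bytes(16)
        return self.pending[peer]

    def admit(self, peer: str, response: bytes) -> bool:
        nonce = self.pending.pop(peer, None)  # each nonce is usable once
        token = self.tokens.get(peer)
        if nonce is None or token is None:
            return False
        expected = respond(token, nonce, self.share_id)
        return hmac.compare_digest(expected, response)
```

With a 32-byte random token, a party who stumbles on the secret still faces a 256-bit guess, and a captured response cannot be replayed because the nonce is discarded after one attempt.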