When adding a new device (only the encrypted key is needed) there is no authorization process ! What about security ? If the key is sent by email / SMS / whatever, it could be compromised and somebody could synchronize without your knowledge, this is a huge security hole !