I'm sorry to revive a very old topic. However, I think that this threat is real. Of course, long secret keys bring down the risk of theft, but... What do you think about this suggestion: "You can activate an option that requires that a new device connecting to a shared secret should be accepted by another device". So, a device creates a key; if a second device tries to connect, it should be accepted by the first one, just as Bluetooth works. As simple as today, but without any risk of accidental / unallowed connection.