There's an article going around recently about hacking "smart homes", and it's mostly about how the INSTEON Hub shipped with passwordless access by default. http://www.forbes.com/sites/kashmirhill ... omes-hack/
Seems like this would be a good time for Indigo to require setting up a password before permitting remote access. (I just set one up myself, but it's not good that I got this far without even really noticing that the option for a password existed)