Right now, communicating over untrusted networks is pretty risky. Man in the middle attacks and sniffing will both crack the cluster wide open, no matter what people use as Credentials.

Implementing something like Diffie-Hellman can protect against the sniffing, but not the man in the middle. TLS would take care of it, but is probably overkill.

Source: http://www.reddit.com/r/programming/comments/11sgc7/pastry_a_distributed_hash_table_in_go/c6pc90v