I haven't yet tried Sonar, but as you've pointed out the security being a bit of a concern, could there be some kind of a key mechanism to authenticate clients? Sonar would generate a key on installation and the connecting clients would be required to pass that key when they connect. Just like a regular API key. Of course it would mean the users would need to manually copy-paste the key from Sonar to the client app, but anyone paying the least amount of interest to security would probably be willing to do that anyway.

I really should try the new versions out, I've just grown used to going around with Wifi always enabled out of laziness (which isn't necessarily good for security, either).