It would not be a bad idea to buid a few safety catches into firefly now that apparently more people discover the fun of accessing their library everywhere.
I already hacked a wrong password log function into it – dunno if Ron took that up into the source yet.
But something like a mechanism to block IPs that login wrong too often would likely also be nice. That plus a good pw should then likely suffice. After all its a fairly unknown port we open and a fairly rarely used service remotely. Adds a bit to security through obscurity, but we all know what that is worth.