Allow me to cite from the http://wiki.micasaverde.com/index.php/Security_Concerns web-page:
"If this is a concern, there are a couple preventive measures you can take besides only allowing access through the FindVera service."
None of the suggestions listed on this web-site appears to work anymore.
The promise of being able to run this system securely was one of my purchasing decisions.
Anyone who has kids that bring friends with laptops over probably knows what I'm talking about.
Installing a separate guest-SSID comes with its own challenges (not all APs support that, and even if they do, devices are in a separate broadcast domain, which limits functionality: e.g. mDNS / UPnP).
The same web-page mentioned above goes on to say:
"So, if somebody hacked into your home network and was able to monitor your network traffic while you logged into Vera, someone who knew about network protocols could get your user username and password to Vera."
I'm not sure why anyone would want to go through the trouble of sniffing a username/password, if you can configure / take over the device without a username/password.
I also don't quite understand the purpose of the Admin/Guest distinction, if no password is necessary to configure more fundamental / basic functions of the system (i.e. add / remove / change any user-account you want).