@MasterOfUs Now that I have had a good sleep I figured that proposing to use SSH is just raising the hurdle once more but not solving the concern. Why? Because some kind of secret (probably SSH key) needs to be included in the FOS inits to authenticate when connecting. Even if this is done properly (random generated key pair) we can not prevent an attacker from loading the FOS init manually and extracting the secret, right?
So making it secure would mean the user needs to enter a connect passphrase manually on each deploy/capture.