It shouldn't be a question of how hard, rather it should be a question of when. Given the large number of nodes discussing exactly this, many with advice from the gods, I have no doubt a sane security policy can be put in place.

The real questions are:

• When?
• How will the users be informed?