by brudgers 3557 days ago
To me, the place to start is a risk assessment. Part of the risk is replacing a field deployed proven technology with a prototype. Part of the risk is securing information accessible on the web versus securing information embedded directly on the device. Part of that assessment is the risk associated with developers working in an area in which there is less experience and expertise.

Once the risks are identified, a business model can assign costs to each, for example assigning a monetary value to one customer having access to another customer's data. Monetary values can also be assigned to mitigating each risk and these should be assigned based on levels of mitigation, for example the cost of reducing the likelihood of one customer accessing another customer's data from a 1% probability to a 0.001% probability. Once that's done, the business decision about where to expend energy becomes a more informed business decision.

Presenting the risks and suggesting a cost analysis probably won't keep the development team from being scapegoated if and when things go sideways, but it might form the basis for a long-term plan, e.g. staffing up with web security experts.

In the end, my first approximation is that if it's on the web it's insecure and even banks assume some losses.

Good luck.
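The comment above describes a quantified risk assessment: price each risk as an expected loss, price each mitigation and the probability reduction it buys (its example: 1% down to 0.001%), then decide where to spend. The script below is an added example, not code from the post or its author; it turns that reasoning into a small risk register that ranks mitigations by return on security investment and picks the ones that fit a budget. Every figure in it (impacts, probabilities, costs, names such as "tenant-isolation-review") is constructed for illustration and is an assumption, not data from the thread; the three risks mirror the ones the comment lists.

```python
"""Quantified risk register: expected loss, mitigation return, budget allocation.

Added illustration; all monetary values and probabilities are constructed
assumptions, not figures from the Hacker News comment.
"""
from dataclasses import dataclass
from typing import List


@dataclass
class Mitigation:
    name: str
    cost: float                  # cost of putting the control in place
    residual_probability: float  # annual event probability once the control exists


@dataclass
class Risk:
    name: str
    impact: float        # monetary loss if the event occurs once
    probability: float   # annual event probability with current controls
    mitigation: Mitigation


def annual_expected_loss(impact: float, probability: float) -> float:
    """Annualized loss expectancy: impact times annual probability."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability must be in [0, 1]")
    return impact * probability


def risk_reduction(risk: Risk) -> float:
    """Expected loss avoided per year by applying the risk's mitigation."""
    before = annual_expected_loss(risk.impact, risk.probability)
    after = annual_expected_loss(risk.impact, risk.mitigation.residual_probability)
    return before - after


def rosi(risk: Risk) -> float:
    """Return on security investment: (loss avoided - control cost) / control cost."""
    return (risk_reduction(risk) - risk.mitigation.cost) / risk.mitigation.cost


def rank_mitigations(risks: List[Risk]) -> List[Risk]:
    """Highest-return mitigation first."""
    return sorted(risks, key=rosi, reverse=True)


def select_within_budget(risks: List[Risk], budget: float) -> List[str]:
    """Greedy allocation: fund positive-return controls in ROSI order while they fit."""
    chosen, remaining = [], budget
    for risk in rank_mitigations(risks):
        control = risk.mitigation
        if rosi(risk) > 0 and control.cost <= remaining:
            chosen.append(control.name)
            remaining -= control.cost
    return chosen


def residual_expected_loss(risks: List[Risk], chosen: List[str]) -> float:
    """Total annual expected loss after the chosen controls are applied."""
    total = 0.0
    for risk in risks:
        funded = risk.mitigation.name in chosen
        p = risk.mitigation.residual_probability if funded else risk.probability
        total += annual_expected_loss(risk.impact, p)
    return total


# Constructed sample register (assumed values), mirroring the comment's three risks.
SAMPLE_RISKS = [
    Risk("cross-tenant data access", impact=20_000_000, probability=0.01,
         mitigation=Mitigation("tenant-isolation-review", cost=120_000,
                               residual_probability=0.001)),
    Risk("prototype replaces field-proven firmware", impact=500_000, probability=0.2,
         mitigation=Mitigation("staged-rollout", cost=40_000,
                               residual_probability=0.05)),
    Risk("team inexperienced with web security", impact=300_000, probability=0.3,
         mitigation=Mitigation("web-security-training", cost=50_000,
                               residual_probability=0.1)),
]


if __name__ == "__main__":
    budget = 160_000
    picked = select_within_budget(SAMPLE_RISKS, budget)
    for r in rank_mitigations(SAMPLE_RISKS):
        print(f"{r.mitigation.name:26s} ROSI={rosi(r):+.2f} "
              f"avoids ${risk_reduction(r):,.0f}/yr for ${r.mitigation.cost:,.0f}")
    print("fund within budget:", picked)
    print(f"expected loss: ${residual_expected_loss(SAMPLE_RISKS, []):,.0f} -> "
          f"${residual_expected_loss(SAMPLE_RISKS, picked):,.0f}")
```

The point of the exercise is not the greedy picker but the inputs: with the sample numbers the tenant-isolation control only pays for itself because the per-incident impact was set high, and halving that estimate flips the decision. The probability and impact estimates are the argument, so record where each one came from.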