[_seemethere]

By decentralizing you have to expose more things for interaction with different services leaving you more entry-points for a potential attack.

[KirinDave]

Sure.

I submit pretending every interface is external is expensive and painful but perhaps an accurate reflection of reality.

[uoaei]

Bake it into the protocol that each connection is regularly confirming the other party's active and passive security measures, and that if one of these tests fails the connection is severed.