[TeMPOraL]

That last remark was a bit uncalled for, but otherwise, you're spot on: this isn't a web API, there's no reason to assume symmetrical security measures on uplink and downlink. Keeping downlink in the open is actually pretty standard with satellites, but uplinks are almost always protected, because you don't want third parties to send commands to satellites or probes - be it adversaries or bored teenagers with a radio and a dish.

(And particularly in context of a high-profile mission like this, they definitely would want to keep telemetry open for third parties, to ensure their achievement is independently verified and recognized by the international community.)

[bleepblorp]

I don't see it as unjustified to point out that the primary risk actors in China's threat model will be the American armed forces and/or three letter agencies.

[TeMPOraL]

I didn't meant the "US armed forces" part, but the "them being that petty" one. Messing with a lunar mission would be risking an open conflict. I'm hoping they know better than to try that.