[jodrellblank]

Allows active users of your app to spy on each other, seeing who connects and when.

Or maybe DOS your site, by pretending to be a PeerCDN participant but instead sending large chunks rate limited to 0.5Kb/s. The SHA1 hash check will stop them being used, but only after a long delay. People could be having a bad experience and you wouldn't even know by watching server stats.

How is the connection between peers encrypted?

[shitlord]

The problem of bad peers exists with BitTorrent as well, but it's not very effective unless you have a lot of IPs to spare. I found https://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=434346... to be an interesting read.