A person could choose to install a host on a PC and provide the IP/DNS name of your RU server (if it's externally facing) and that would make their system available to your viewer if you know their IID but I can't think of a reason someone would do that... It wouldn't necessarily give you access to their system even depending on how they configured the security on the host installation. The RU server just acts as an intermediary to connect host to viewer and/or as IID address book.
Thanks Michael for your reply, I don't know either why someone would do that, but before I configure any hosts I would like to know if there was any settings to authenticate only "approved" hosts to connect to the server. But if there is not, then I dont have to care about it.
Indeed currently one can connect through your server if they know IP/DNS and port number. However, at some point in the future we are going implement some sort of authentication. Not to be confused with authentication already in place called custom server security - that one is used for a different purpose.