As far as I can work out it's not possible to connect to any hosts without a host password or a relay logon.
The problem that Matthew mentioned is not about authorization or security. It's just that the server can be used as an intermediary by someone who just knows its address and port. That poses no threat to security but it's still a nuisance.
That said, in the upcoming version 184.108.40.206 beta 2 we will implement certain mechanism to protect the server from such use. Again, it's not about any "security breach" or anything like that, it's just that it is possible to "piggyback" on someone else's server should you know its address and port used.