in light of things like this - https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-is-here-as-ransom-attacks-hit-10-000-servers/
and given that plenty of people/orgs have public facing kafka installations that are wide open - https://www.shodan.io/search?query=kafka (yes, i realize those arent brokers, but you could scan for those too). has anyone given any though to making brokers more secure by default? maybe something like making the default password be some function of the ZK url? (which should be common to all brokers) or something ....
