5.1. User account
The preconfigured image is not secure by default and at minimum the password for the
pi user should be changed!
The Mosquitto broker may be configured to require a username and password, which may then be set in
Should MQTT not be required at all, Mosquitto could be disabled from starting or uninstalled.
5.3. WebSocket API
The WebSocket API used by the display does not implement any sort of security.