the presence plugin is really cool. But i have a security concerns.
There are only 2 options. The first one is everybody could see any presence. The second option is only subscribed users can see presence. Which is not more secure in my opinion. If i know some Jids of users on the server, and if i know or assume they are subscribed to each other, i can use this jid and req_jid to see their status.
I think in the most use cases users just want to publish their own presence on a webpage. For this case it would be cool if i can get my own presence with my password only. Which is also more secure.
Or did i miss smth in the docs?