Thank you for your reply.
So the best way to use Cassandra would be at least behind a firewall.
In the future is it possible to add a username/password type security in? I plan to support the project, just as soon as I have some revenue coming in through my business.
I can't imagine anyone using Cassandra on public IP address space i.e. without a firewall. It's the same use-case as memcached, which also has no authentication or security.
The thrift protocol could in principle use a username/password I guess - I imagine that the reason that it doesn't is that Facebook have never required one.