I loaded the script "http://find.zwave.me/zbw_new_user" a couple times. You will notice it generates a new private key each time. This is for the local service to connect to the z-wave server without password credentials.
This actually seems okay, the script should be loaded over https definitely but this ssh key part is really just giving a password to each device for connection.
This actually seems okay, the script should be loaded over https definitely but this ssh key part is really just giving a password to each device for connection.