The beta release notes tout the fact that a new Connect IPSec policy is importable by the user with Windows file association. But opening that policy in notepad still shows the shared secret in plain text. How could this not be considered a big security risk? Why not encrypt these files. Otherwise we're playing "hide the policy" from the end users but still have to deploy it to remote users. If a bad guy gets a hold of the shared secret and knows a username and password it's game over.