Yep, good idea. Many are having the issue that someone is changing the miner settings and stealing the hash power this way...
That is because people are opening their rigs to the world (internet) without using a firewall.
Can't blame anyone except themselves.
If the monitoring port was password protected, things would be less critical.
Maybe instead of forcing -mport -xxxx, you can add a password feature and, if the password is not set, then open the monitoring port read only.
But I agree this is more work than just changing the default behaviour, and this can be done later.