Since the transport is insecure, armor the message. See gpg (or the like) as one possible way to assist. It could be set up so that only a validly signed message from an allowed user can pass through.

I am not saying you have to go this route, just pointing out some weaknesses in the area of security, and this will probably be the last I say on this particular thread.