We probably don't but I wonder if we do have a security expert in our community. The scope of the security tasks (described above) could certainly amount to a GSoC project but with no clear mentorship, the result might be just as unclear.
So far, I haven't seen a large interest in security documentation and analysis from the community, however, just in case it wasn't representative, it could be useful to see if there's, indeed, enough demand to possibly chip in for a professional security audit or GSoC spec/mentorship.
For the information, here's the result of previous informal security audit:
However, it doesn't say anything about contacting remote servers.
For linking sake, here's a fairly recent, similar discussion