From version 1.12, security will be activated in Sonar.
At project's level, there will be 3 roles : admin, user and code viewer. The web services are secured by the user role.
By default in Sonar, the user role is given to anyone and the plugin will continue to work fine. However, it is possible to secure the project or the instance and in that case the web services will not be publicly available. It should be possible to pass parameters to authenticate.