Comment 5 for bug 1320056

Jay Bryant (jsbryant) wrote :

@tristan ... It is possible for users to configure the connection to their backend storage to use a username and password, so a person doing a MITM attack could collect the username and password to gain access to the user's storage backend.

If that were to happen, things could really go downhill. They would potentially be able to harvest sensitive data off the storage backend by making volumes available to compromised nodes or, even worse, they could plant malicious code in existing or spoofed volumes that could infect people's VMs.

I don't know how likely it is that something like that would happen, but it seems that it would be best to not just ignore host key failures.