Precautions

1. We use passphrase authentication, so overall security fully depends on its strength. You should use long, high-entropy passphrases. Also remember to keep passphrase in temporary file and read it securely as described in verifier.
2. You must never use the same key for multiple clients.
3. You must use cryptographically good pseudo random number generator. By default we use default crypto/rand library that reads /dev/urandom source. Some GNU/Linux and FreeBSD systems are rather good with this entropy source. Closed proprietary ones are always not and you must use optional EGD feature with them.