Tobias and I recently gave a presentation on security in the IoT for a local meetup. While preparing for this we formulated some of our assumptions and principles for making WAMP and Crossbar.io secure for the first time.
I’ve written a blog post summarizing this - http://crossbario.com/blog/post/security-in-the-iot/
Just to make clear: Crossbar.io is and will remain open source. You will continue to be able use Crossbar.io as you are using it now. Any commercial offerings will be to make working with it easier or to add functionality for larger deployments.