Well, without knowing the details of how they think two computers can reliably form a secure link without foreknowledge of each other, this doesn't exactly sound bullet proof. Self signed certs or something similar can only go so far. Hell, CA verified certs don't exactly go as far as most should be comfortable with.