UDP is really great, but it also makes it extremely easy to spoof the source IP and flood your monitoring server with fake metrics. It's probably not a huge concern, but something to be aware of. See a blog post I wrote in the context of statsd/carbon[1].
<shameless plug>
Also, if you're looking for a nice open-source front-end to graphite, take a look at Giraffe[2]. It also has a collectd plugin[3]
</shameless plug>
Yeah, that's why collectd supports authentication and encryption (https://www.collectd.org/documentation/manpages/collectd.con...). I can't really speak about Graphite since I'm less used to it; but in this case you can decide to not expose the Graphite port and only expose the collectd port.
Good point. However, collectd's protocol is much more complex than carbon's; it can sign or encrypt the data to prevent spoofing. If spoofing is a concern, then instead of having collectd on your systems being monitored send directly to carbon, have them send to a collectd instance on your graphite server, and have that instance send to carbon on localhost.
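The relay layout described in the two replies above, written out as collectd configuration. This is an added example, not posted by any commenter; the hostname, username, password, node name, prefix and file paths are placeholders.

```conf
# ---- Monitored host: collectd.conf ----
LoadPlugin network
<Plugin network>
  # Unauthenticated form (what a spoofed UDP sender can imitate):
  #   Server "graphite.example.internal" "25826"
  # Authenticated form: every packet is encrypted with a per-user secret.
  # Use "Sign" instead of "Encrypt" for integrity without confidentiality.
  <Server "graphite.example.internal" "25826">
    SecurityLevel "Encrypt"
    Username "web01"
    Password "REPLACE-WITH-LONG-RANDOM-SECRET"
  </Server>
</Plugin>

# ---- Graphite server: collectd relay in front of carbon ----
LoadPlugin network
LoadPlugin write_graphite
<Plugin network>
  # "Sign" on a Listen block accepts signed and encrypted packets and
  # discards unsigned ones, so a forged source IP alone is not enough.
  <Listen "0.0.0.0" "25826">
    SecurityLevel "Sign"
    # AuthFile holds one "username: password" entry per line (e.g. web01).
    AuthFile "/etc/collectd/auth_file"
  </Listen>
</Plugin>
<Plugin write_graphite>
  # Forward verified values to carbon over loopback only.
  <Node "local-carbon">
    Host "127.0.0.1"
    Port "2003"
    Protocol "tcp"
    Prefix "collectd."
  </Node>
</Plugin>

# ---- carbon.conf, [cache] section (different file, shown as a comment) ----
#   LINE_RECEIVER_INTERFACE = 127.0.0.1
# Binding the plaintext receiver to loopback keeps the Graphite port
# unexposed, leaving the collectd port as the only network entry point.
```

Signing and encryption require collectd to be built with libgcrypt, and the auth file should be readable only by the collectd user.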
[1] http://blog.gingerlime.com/2012/statsd-and-carbon-security/
[2] http://giraffe.kenhub.com/
[3] https://github.com/bflad/giraffe-collectd