> It drops every message that doesn't start with your secret::
Depending on how internet-proof you want to make this, I wonder if it might be better to sign with a secret and attach the signature to the message instead of directly sending the secret.
I considered that! But thought for this “first public” release it might be overkill. Definitely one of the possibilities for later