Spigot should integrate BungeeGuard and BungeeCord should integrate BungeeGuard for better out of the box safety. So the request is for you to integrate BungeeGuard features into BungeeCord for safety and not have the hassle of installing another plugin to make the server safer easily. The features is to use a secure key that both the proxy and the backend server have to authenticate, making sure players are coming from the same proxy, not another impersonating proxy. A good example of how people would use the feature is they can just put a secure key on the proxy and use the same secure key on the backend server for authentication for more safety against impersonating proxies out of the box. However, it should made obvious enough that they should set this up and should be enabled by default (make it toggle-able). I would consider this a higher priority as having a safe server out of the box is important.