I think this should be changed that every client is able to register to the server.
It was easy for me to search for a OCS-Inventory instance where i can download the OCSpackage and install it on a VM. Now i have the client password !!
I don't want to dive deeper in here because i don't want inspire someone to to bad things, but i can tell you that this is possible in some instances.
I think in the long run the security model should be improved.
Right now i have to think about a possible solution before i write on github. perhaps a unambiguous Client Cert.