Although provision network must be a safe environment, we should improve security for discovery. For this reason, I am putting this as a low prio ticket, just for the record we would like to extend the API with things like BIOS/firmware upgrades (which are more dangerous).
A) Communication Image->Foreman can be set to HTTPS (foreman.url=https://FQDN) so this is covered. We would like to make this the default option in the Discovery README (currently we state http only).
B) Communication Foreman->Image is currently http only, we can generate self-signed cert each start and perhaps generate a string token and send it to Foreman along with facts. This token could be used to do the Facts Refresh and Reboot remote commands to tighten the security a bit.