Joe Julian (joe) reports: Any host, whether a peer member or not, can use the remote-host command to gain access to the trusted peer group. The remote host can peer probe itself, modify the volume, set up geo-rep to a 3rd party, etc. Network security is not enough. Take, for instance, a storage-as-a-service model where you allow untrusted users to mount volumes. Since they need access to 24007 to retrieve their volume configuration, they can also issue remote-host commands.
This is by design; the network and hosts used by Gluster must be trusted.