Syncthing is used by many users for - I would suggest various things that these users would like to keep secret (otherwise thy could use Bittorrent-Sync instead).
What do you thing about an external security audit for the syncthing components (protocol/Application/App/announce-server/etc)?
Is syncthing ready for this?
I know - this will cost money, maybe croudfunding would be a a way here…
Regards, Schuft69