This document specifies extensions to SDP that can be used by 
application protocols (most likely SIP endpoints) that rely on WebSocket 
as a transport. For this, they need a URI that will appear in an SDP 
attribute.

The Security Considerations section of the document adequately covers 
the problems with creating this SDP attribute to carry the URI, namely 
that SDP can be run either with or without authentication in the message 
and transport. The security considerations say that the entities SHOULD 
use S/MIME and TLS for these; this common-sense suggestions apply to all 
use of SDP, and is no more important here than for other uses of SDP.

--Paul Hoffman