I wonder whether there should be a requirement to use authentication when making updates. As the doc says: Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. I'm sure someone will argue "if this is used in a closed network, we can avoid the use of authentication". Prudence suggests that "closed" networks don't remain that way forever, and defense-in-depth is advisable. Let's add a MUST or at least a SHOULD.