I think they're going for the opposite. They are building it so that all events are wide open access. The relays will not be able to ask for AUTH, nor do any kind of rate limits to protect from DoS (other than IP limits, which are flawed and hurt the ToR). AUTH could be added in to the client, bu...