I remember years ago when I was initially contemplating my camera server and how I would provision it that various vendors came to mind. Indeed I did audition several software company offerings but kept to the research until I was comfortable with a specific camera line.
I'm happy to say that my research and my trials were a success story for I now have eight cameras online with a cam server which supports 64 and the cams may not be accessed by the outside because I only route them internally and present them on a web page referentially.
Today I read in Ars Technica about web cams having "hard coded" passwords which can never be changed to something only known to the owner. This issue is indigenous to the Chinese Foscam line and those subsidiary downstream brands which utilize Foscam devices.
Foscam was one of those brands which made it to the finals in my pursuit of suitable hardware.
My first set were Trendnet which I noticed were accessed frequently from Asian IP addresses back when my configuration included routing to individual cameras. Now that I route ONLY to my web server configured to limit anonymous access even those would not be a problem ... now.
Suffice it to say that I had the solution in place prior to the problem becoming publicly known and I'm an obsessive compulsive for firmware and security updates on everything so I don't forsee any problems here at the crib — though I wil remain vigilant nonetheless. It just seems that my lack of trust has not been misguided since the mid 90s when it all went to hades in a handbasket for I'm a stickler for locking everything down as well as I can.