For my setup, I'm not overly concerned about security... the only wireless client I plan to have is the empeg. That lets me put the AP on it's own interface to my firewall. I can then filter packets to allow only the traffic I want.

That would only leave my empeg exposed... anyone port a hacked sshd to the empeg to allow only authenticated logins?