I have one of these cameras
I've managed to lock it down better by tweaking the startup file to write a new hosts file with stuff locked to localhost, iptables to nobble the UDP, and a new password pushed in after x seconds.
Not perfect but it's a start and anyway it is mostly a toy.
However - something to add to the disclosure. The service's DDNS lets the camera register itself so am address like abc1234@provider.com redirects to the camera. Well, it is configured with a cleartext HTTP request and the update password is banked into the camera's binary. I have used it to update arbitrary cameras (those marked as not being used) which means that it would be a doddle to hijack somebody else's camera.