That's a great way to think. 
Security should always be something you have to keep in mind. Just because players don't know what happens between the server and InSim doesn't mean it's safe from attacks. Ignoring that makes you a poor programmer, especially because it can be easily be made safer without any negative side effects or something.
I would use some kind of hash or token or something anyway to let the InSim and server communicate with each other to have some kind of assurance that the programs are not some kind of fake traffic. But hey, that's just my 2ct.
Security should always be something you have to keep in mind. Just because players don't know what happens between the server and InSim doesn't mean it's safe from attacks. Ignoring that makes you a poor programmer, especially because it can be easily be made safer without any negative side effects or something.
I would use some kind of hash or token or something anyway to let the InSim and server communicate with each other to have some kind of assurance that the programs are not some kind of fake traffic. But hey, that's just my 2ct.