I don't have the time to consult the souce, so I hope someone can answer me here instead.
When I logon to OneSwarm: For each of my friends, it ads my IP+port, encrypted with my friends public key, indexed by the hash of the concaternation of both our public keys, to the DHT, right?
Now, say that someone got their hands on my and my friend's public keys, they could get both our encrypted IPs from the DHT. If they could, magically, decrypt that and thus get our IPs, what mechanisms are there in the client to prevent any non-friends from connecting to me? They know everything about me that my friends also know.