Clsync has plenty of security related options. ATM it is not easy to understand how they should be used together to gain maximum security for various use cases. So please add options like --hardened-user and --hardened-root-as in order to utilize full potential of clsync security features without deep digging into details of numerous related low-level options. Of course, names above are just examples, so use whatever you feel appropriate.

Good idea. ATM somebody can even accidentally decrease the security level (relatively to the default configuration) due to a bad understanding of clsync's security options.