You are right regarding remote control ans SSH.
I apologize since I have not explained my self correctly. My conern is of code security rather than remote functionality. I have not seen any information on this issue in the documentation.
After performin a personal code audit I came to a conclusion (perhaps too fast, time will tell) that the 'pluto-admin' web interface is not designed with security in mind. Which, in my opinion, lightly put, is bad.
I have posted a bug report, as suggested by the above post, to fix an issue which is rather trivial to exploit. There might be more exploitable bugs in PHP code, I don't know at this point. I only hope this will encorage developers to incorporate a security model in their code design.