Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
When you hardening security of an OS, you disabling any unessacery service/daemon, and try to not have any services listening to insecure networks.

Im not sure if the mdns (Bonjour) demon is open source, and even if i wouldnt use it in public networks. I think its running with very limited rights but dont forget:

Human make errors, and software is made by humans 😀
(sry i dont have time to read the whole pdf atm, hope i understanded it right 😱 )
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.