Stash already has built it tripwire. People who choose to expose their instances has to go out of their way into configuration and flip dangerous_allow_public_without_auth option value from false to true.
They are also linked to Protecting against accidental exposure to the internet once the tripwire is tripped.