If people implemented the "secret=" part of the NIP-46 standard, bunkers could simply drop requests that didn't include the connect secret, and none of this would be possible.  But among 3 clients @bu5hm4nn tested today, none of them use the secret parameter in the bunker:// url when they send in their connect string, which signalled to me that none of the bunkers are requiring it (well, except gossip. Gossip requires it.)