If people implemented the "secret=" part of the NIP-46 standard, bunkers could simply drop requests that didn't include the connect secret, and none of this would be possible.  But among 3 clients nostr:npub1hlq93jdtkfg29a8s7fqzzzh82q3pkc20rxucwt4geh6e56wk3y2qxdz5wg tested today, none of them use the secret parameter in the bunker:// url when they send in their connect string, which signalled to me that none of the bunkers are requiring it (well, except gossip. Gossip requires it.)