The networksetup command line tool gives a number of status items for an active wifi device. The one I am particularly interested in is "link auth", since it provides the current state of wifi encryption. If this is added, we could then have rules set based on whether it's using None, WEP, WPA, WPA2, etc.
Right now I have the following shell script to trigger on WPA connections.
# See if WiFi is encrypted with WPA
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | grep -i "link auth" | grep -iq "wpa"
Do you care what type of security is being used or that it is being used at all? The latest build contains the ability to set a rule based on if the link is "secure" at all or not. You can get it from http://www.controlplaneapp.com/download/CI