I noticed that you are using -setcookie as an option in the flashpolicy file. Isn't this a huge security issue for someone who uses this erlang application and does not change or remove the setcookie option?
You're right, this is an issue when not running behind a firewall. Feel free to create a pull request that provides a fix.
Use random cookie when starting policy server node.
Also bind epmd to loopback interface only, when it is started by the erl command.
(This does not affect the epmd configuration if epmd was already started!)