Currently we create a private key at build time and allow full access with this key by default. I think this opens a big security hole. Of course the same is true for the karaf:karaf user. What makes the private key more dangerous is that people might not see this hole as easily as the default user. So I think we should not do this.
Instead I propose to create a key at runtime and use it to connect to the local instance. We could store the generated private key in the user dir to make sure it is at a safe place.