I've just now suggested this on Slashdot: At startup, issue a big multi-line warning if the IP addresses that are getting bound aren't on the loopback address or a private internet. The private internets are defined in RFC 1918 as:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
