Thanks AIC2000,
The reason I asked about security, is at the moment I just use pbx.domain.com, then each client has to specify their domain within fusionpbx, Ive seen many attempts from intruders trying to gain access and make calls, but they do so without using any domains in the auth attempt...