I bought a WeMo plug and was quite shocked to discover that there is no form of security or authentication. Anyone using the same network that your WeMo devices are using can control them using the WeMo mobile app and crucially keep controlling them once they have left your network via the Belkin cloud. They are effectively proving an open door to your network that requires you to trust Belkin to keep secure.

Edit: They do support UPnP, but still they are wide open to attack.