Just what do you want to be secure against? Someone sniffing traffic? A man-in-the-middle attack? Censorship?

I used to spend a lot of time around Freenet (which tries to be secure against all of the above), and I can tell you that being secure against a broad range of attacks is highly non-trivial, and certainly isn't golf material. However, most P2P applications don't need all that to be useful.