I think that a workable security scenario could be:
1) Provide a password and decrease transfer speed on start up - this will protect the uploaded code from being viewed or modified. Here we will save a mapping between the Puck MAC address and the generated password.
2) Once the client receive the Puck with the uploaded code it should create "bonded" connection from the Gateway(Android phone, for example which will gather all the data), and will set IP for access where onConnect will disconnect any different than the provided IP connections and will automatically generate a password for all getter characteristics to protect them from other unauthorized third parties.
3) If the Puck requires a new code, the most secure way of doing that is to send to the client physically a Puck with the new code, secured in same way as described above in 1), where it has a mapping between IP and password only for the Pucks that have to be updated. The new Puck should initiate "bonded" connection one by one with all Pucks that have to be updated and will "self-propagate the code".
What do you think ?