Following @specialred discovery of a "free" tier in their products, I'm thinking that any Snapper (as long as they can get on the site) could set up their own broker that only they could publish to certain topics but anyone else can subscribe (by setting up a public guest user/password combo with only subscribe rights)
The company is emqx.com (that provide one of the current default public broker - broker.emqx.io )
The product is their "Serverless" (I hate that word/concept nearly as much as crypto!) free tier
The one I've spun up is at x83e5931.ala.us-east-1.emqxsl.com:8084
I've set a user called guest, password guest that can subscribe to any topic (currently there is only cheerlights/# that I an publishing to)
This would completely eliminate need to exchange any passwords whatsoever 
Might have to tweak the MQTT extension blocks to make sure they can fully cope with multiple brokers