As a general tip; anything confidential (passwords, IDs, or even host names) should not be hard coded into a plugin. That info should be stored in a separate config file (or a database).
If you don't want other servers using the plugin, that's a bit more tricky. You could do something similar to public key authorization, but I'm not good at the technical details there.
A solution like ConnorMcLeod described would also work, but once the secret password is revealed it's too late to do anything further.