11-08-2006, 11:07 AM
StupidScript
Quote:
if it's secure
The 'secure' mode will be used by applications developers, not by the general public ... unless the general public suddenly develops the capacity for remembering 256-bit hash strings. The 'insecure' mode is described (already!) as "vulnerable to spoofing".

MS is rolling out an IPv6 implementation that routers and switches don't understand, so the most common use of this should be within a private network that uses a private namespace, like a workstation group in an office or VPN. My primary objection to this is that it will impede rollout of an official IPv6 implementation, which is almost guaranteed to be incompatible with the peer-based name resolution service implemented by PNRP.

Instead of the current handful of DNS servers maintaining authority over name resolution, the PNRP uses peers (!) to maintain authority and caches of names to resolve. That means if you enable this feature, your system will serve as a DNS server for the rest of the PNRP 'clouds', not including private clouds. The current IPv4 DNS system is undergoing issues with "DNS cache poisoning" attacks that seek to replace the few authoritative servers' cached info with false data for phishing, redirection, etc. What will happen when the peer-based system (under the control of the individual owners) starts becoming poisoned? Unless the user has decided to go with the 'secure' PNRP mode, the "vulnerable to spoofing" action is going to really heat up, and end up largely useless.

I agree with alinush ... bad news on the horizon (if 'normal' users ever figure out how to enable this feature).
 