Hi Jargon,
First I have to say: GregorK is the lead programmer of Phex.
I don't know about the private IPs (that goes to deep into the code for me), but I think he'll drop by not to far in the future.
To block all but your private network, you can edit the "hostilehosts.cfg" in src.phex.resources, or you can follow the steps laid out here:
http://phex.org/content/view/47/47/
This way establishes a network name, which acts as password (but can be sniffed if someone gets at a packet).
Gregor also had a way to whitelist hosts, iirc, which would be the more secure way to do it.
Best for your users might be to pair it, so only youur deployed phexes can enter the network, and no multinetworkclient or similar can expose your files to the outside.