Perfect is the enemy of good. I've found it's much better to get a project up and running as an "MVP" than to chase the perfect until the details suck all the fun out of it.

I don't get what you mean by "possibility for abuse". The author abusing it? Well if they wanted to do that they wouldn't have built the whole music detection thing and wrote about it on the internet. If Shazam gets breached or turns evil, we have infinitely bigger problems than this one phone on this one street. If the author's server gets hacked, the hacker wouldn't care about this - the hackers who want large surveillance networks hack phones and IoT crap, not random people's home servers.

And honestly, as a commentary on how commonplace and normal mass surveillance has become, which this project seems to be, I quite like the threat of "there is a box out there somewhere that sends everything it hears to a server and it does this not for good or evil, but because one programmer was bored and thought what if I could know what song was playing in the cafe across the street".