I was wondering, given the manual states that client and server must be running the same code base, whether that consitutes a security risk, with clients being able to see the server code?
This is only needed if you use Lite-C. In C-Script you won't need to use the same code. I don't get it why this should be a security risk, because in Lite-C the code is compiled into the exe.
There are 3 types of connections that can run simultan: The ENet Connection, a UDP connection (available in the PRO Version) and unlimited HTTP connections with database servers... (also available in the PRO)
You can change the connections between ENet servers by disconnecting and reconnecting using (enet_host_destroy or enet_disconnect_client on the server and enet_init_client).
I hope that helps.