Chances to get into the WiFi totally depends on the security setting. WEP and WPA are nowadays rather easy to infiltrate, WPA2 is the least one should use. Hiding the SSID (non broadcasting) adds another barrier (out of sight – out of mind).
Once a device is connected to the WiFi network, communication with any other node is easily possible. The Qu with the total lack of authentication may interpret any incoming packet (i.e. sent by some port scanner utility) as control data.
I know there are many people around who everywhere and anytime try to find open WiFi networks and “look” whats behind. Not necessarily bad intention to hack the Qu, but maybe just a bad coincidence of packet content.
@dave: Hmm, which firmware version are you running on your Qu24? Maybe the recently fixed sporadic-fader-movement-bug can do more than just fader movements.