In UADP Network message, ExtendedFlags1 description contains:
"Bit 4: Security enabled
If the SecurityMode is SIGN_1 or SIGNANDENCRYPT_2, this flag is set, message security is enabled and the SecurityHeader is contained in the NetworkMessage header.
If this flag is not set, the SecurityHeader is omitted."

I have interpreted this, and I have met other developers who interpreted this, like that this bit is 0 when security is not used, and also vice versa: When security is not used, this bit is 0.
According to Matthias Damm, however, it is possible (and even envisioned) to set this bit to 1 and still use no security - because it is then possible to set bits 0 and 1 (for signing and encryption) in SecurityHeader.SecurityFlags to 0. Specifically, Matthias says that this is what the intent was for UADP security probes/announcements, which always have "Security enabled" set. According to Matthias, the intent was that the actual security will or will not be enabled with these discovery messages, but the bit will always be set.

There are problems with this interpretation and the current text, though:
1) The bit is called "Security enabled", not "Security header enabled".
2) The sentence "If the SecurityMode is SIGN_1 or SIGNANDENCRYPT_2, this flag is set, message security is enabled and the SecurityHeader is contained in the NetworkMessage header." states what is more or less obvious, but there is no sentence that would cover the case when this bit is 1, but no security is used, which is far less obvious.
3) If this bit is set and neither signing nor encrypting is used, what should be in SecurityHeader.SecurityTokenId? What should be in SecurityHeader.NonceLength and MessageNonce?