It would be so logical, that there would be password for SMScon. The same password would be in SMScon-editor. The default password could be that 12345 or "smscon" or anything.
All commands coming from SMS should start with this password. Therefore there wouldn't have to be this "second" password which is now the prefix to SMS-commands settable in smscon-editor.

It would simplify, would make by default more secure, and even would consume less battery energy to check just the first word from SMS against the configured password and then retire or process it further if the password matches. Nowadays more there is SMS-commands recognized, more processing SMScon-daemon has to do with every incoming SMS, although most likely probability that the SMS was meant for SMScon is little in normal situation when the device is not lost or stolen.

Or is there really people who do not set the prefix (the 2nd password) in SMSCon-editor?