It looks like nobody has given any attention at all to security!
In the setup guide (http://docs.tingbot.com/guides/setup/), please provide instructions, and mention that it is CRUCIAL, to immediately change the password for the pi user from raspberry into something sensible.
Next, Tide includes the tingbot.key that can be used to SSH into ANY tinbot that has not removed the key from /home/pi/.ssh/authorized_keys this key is not even limited to some kind of tool just for installing tingbot apps.
Finally, why, oh why, do all tingapps run as root???! (That's not a question, fix it!)
Find the IP address of your Tingbot using Tide (dropdownmenu in the top right), Let's say the IP is 18.104.22.168. Below, replace 22.214.171.124 with the IP of your Tingbot.
SSH into your Tingbot, password is "raspberry" (without the quotes):
Change the password:
(type old password "raspberry", think of a new password, enter it twice)
Change the default SSH key, on your Mac, generate a new keypair:
(it asks for a filename, type: "tingbot.key" (without the quotes), overwrite yes)
Copy the contents of the file tingbot.key.pub to the tingbot as /home/pi/.ssh/authorized_keys overwriting the old one.
I guess now your tingbot is somewhat secure... Have fun not being hacked!
If you did not understand these instructions, DEMAND that the Tingbot OS will be secured, as the current state is UNACCEPTABLE. Do not accept excuses like "you will be behind a NAT anyway".