If I read that well the concern is not related to security but to add addition load or additional configuration complexity to these machines
The “Agent” is just a shell script which is scheduled by xinetd/inetd. Simple to install, consume almost no resources and very safe to run. Its not necessary to install a full package (rpm,deb etc.) The agent script and the xinetd/inetd configuration could be copied to the system. We do it that way with our AIX systems.
Scheduling the agent by ssh is more complex to setup and has also some security weaknesses. You cannot protect the private key with a password. If one get access to the private key he has access to the remote systems. As the agent and many other nagios plugins needs to be run with privileged account the risk is not acceptable for us.
Just my two cents
Michael