S0 is the security protocol used by nearly all devices. This is implemented in the binding. S2 is the new security protocol - it was only brought in to effect last year, and I only only of 1 or 2 devices that use it so far.
The binding currently only supports S0 which is supported by all (secure) devices.
Pairing (ie inclusion) is a feature of the controller - but key exchange (ie secure inclusion) is not. This is coded in the binding.