And yes it makes the whole TacNet secure against mundane hacking.
I'm not so certain about that. Depends on a few things.
First off, wireless signals are capture-able even if not hackable. So the traffic between commlinks can be sniffed, decrypted, and supplied to the enemy. That info can include sensor readouts, communications between members, locations of TacNet members, etc, all info that could be very useful to the enemy.
Second off, not all groups trust each other enough to slave their runner comm to another team member, especially one of those
scary Technomancers . A decentralized TacNet would mean that the TM's TacNet CF would be interacting with the others, not controlling them. So any OTHER member of the TacNet could be hacked and the enemy hacker could insert bad intel which is then supplied to the group, including the TM.
And third, even with a centralized TacNet, the rest of the team's comms are slaved to the TM. That means that an enemy hacker can Spoof those commlinks if they figure out the TM's Access ID and break encryption. Best option, but still not "unhackable", has lots of potential for an enemy hacker.
Honestly, a TacNet is very easy to mess with for an enemy hacker regardless of a TM running it as a CF or not. I feel like the TacNet was put in there to give the hacker combat actions since cyberware hacking is so tricky. If you have a clever enemy hacker the best thing to do is turn the damn TacNet off.
All that said, I had a TM run TacNet as a CF, did it just as Dakka suggested. Worked fine.