Cool proyect. Does it need to have a Mega? What would be the problem using a Uno? I was just thinking the Mega is too bulky and the Uno is smaller.
And as far as I know the ARM is UK based, so no naughty US surveilance. Can't remember what band the XBee uses but I'm sure you could write some encryption for it, because I remember it being like wifi, just try not to send unencrypted thing on the air unless you want to.