Pando acts as a limited P2P client in that it downloads the game to and from other users--but ONLY the game, no other files. It's possible that the IP address in question is from an attempted upload/download of the game file.
It's possible the IP is just in a restricted range, or a dynamic IP now held by a legitimate gamer, yes.
As to claims of Pando's security, I'll take those with a grain of salt. There's probably a reason that the sticky on this page uses the words "at your own risk" with regard to allowing the program past your firewall. They can't control it and are unwilling to vouch for it.
As to the first point, it's theft of bandwidth to leave the thing set to (or changing the setting in my case) run in the background without notifying the user.
I don't have a huge issue with the bandwidth myself, but other people on more restrictive plans have been burnt by this in the past. This is one reason Turbine changed the default setting to not do background downloads.