As noted, for S2 devices you have the option to not use security.
For S0 devices, you are stuck - there is no built-in way to join them without S0, and thus you are stuck with the 3x traffic penalty.
@danabw should have linked to his HOW-TO with instructions on using a Z-Wave USB stick and the as secondary controller to include the device without S0. I've successfully used it for several devices.
