Rpc security best practices

Hey all,

When running remote rpc services, and sending modules, by default I believe that there is no authentication. If the correct IP and port is pinged, then access is granted.

In that case, following the example in the “Deploying to Raspberry Pi tutorial”, for security would the best approach be to add a key when running the server, and accessing it?

Are there other security practices that might be recommended, like checking certificates?