Yes, you must protect it via powerful authority-checks - but if authorized you have a powerful tool.
That is much better than scripting with dubious authority-checks and commits and screens which change.
The BAPIs are stable interfaces. SAP can extend them but cannot normally change them (there are a few exceptions) - but the USER BAPIs are very stable and well supported, not least because SAP IDM and GRC use them as well - so it is a good horse to bet your money on when you decide which coding approach to use for processing that SU01 and SU10 don't offer.
God bless BAPIs.. :-)
Cheers,
Julius