Is luci rpc call secured?


I enabled luci-mod-rpc package to use the luci rpc call to configure my ap.
I configuring through https curl command. I am not doing any certificate validating in my ap.
So anyone who knows my ip and in the same network can configure the through rpc call.

How to make the rpc call more secure. Validating the https certificate at ap is enough?