It would be nice if the server could manage who has the rights of remote view/control.
Considering some operator's ID and password has leaked somehow (along the public key), anyone on the internet could connect to his computer.
If the remote viewing/control could be restricted, for example, based on IP address, the operator could be in the same network as the server, such as 192.168.0.0/24, that network address could be added on server config and only hosts connecting to the server using an address belonging to it would be allowed to request remote viewing/control. Considering this network isn't routeable on the internet, it acts as an added security layer.
Also, if that option is turned on, not even an ID/password would be viewable on the operator side, so it wouldn't be easily leaked, maybe as a separate config.

I came here looking for something similar. I don't want all users to be able to remotely connect. Only some people should be able to enter/use a remote ID in my case.