Hi Nipun,
Good question and there are several layers to security to be considered. Each namespace with the CIF framework has a corresponding authorization code generated by Adobe specifically for that namespace and organization. To update/create action sequences will require this security auth id. Action sequences can also be versioned to provide backward compatibility to all systems if a major change has been made. Communication between components is via SSL to secure the transport.
Now, most commerce systems also have their own security layers as well. Magento, for example, requires an authorization token to be included in the REST header that corresponds to a guest or registered identity. The same holds true for other commerce platforms as well such as IBM Commerce and Oracle. Configuration connectivity should be managed during the implementation to validate configuration settings such as store id, catalog id, identity can only be retrieved from a valid source.
Hope this helps.