The BOOTP server does not provide direct access to your iSeries™ system, and thus represents a limited security exposure.
Your primary concern as a security administrator is to ensure that the correct information is associated with the correct thin client. In other words, a mischief-maker could alter the BOOTP table and cause your thin clients to work incorrectly or not at all.
To administer the BOOTP server and the BOOTP table, you must have *IOSYSCFG special authority. You need to carefully control the user profiles that have *IOSYSCFG special authority on your system.