AFAIK, there isn't really any way to secure individual nodes or flows.
You can install some nodes in a way that flow editors cannot delete and you can configure a node-red instance to disallow some specific nodes. You can also add a login to the editor. But that is about it.
I think that the recommendation is to have more than 1 instance of node-red. Use a protected instance to prevent access and expose appropriate API style connections.