Building POS without '-allow-insecure-unlock'

Hi there, We are building a local Polygon POS network. We’ve finished setting up with Geth, Heimdall, and Bor.

We gave the following option to execute Bor.
./bor server --chain=/root/bor/data/genesis.json --identity matic-cli --datadir /root/bor/data --port 30303 --bor.heimdall http://localhost:1317 --http --http.addr --ws --ws.addr --ws.port 8546 --ws.api eth,txpool,net,web3,bor,debug --http.vhosts * --http.corsdomain * * --http.port 8545 --ipcpath /root/bor/data/bor.ipc --http.api personal,eth,net,web3,txpool,miner,admin,bor,debug --syncmode full --miner.gaslimit 2000000000 --txpool.nolocals --txpool.accountslots 128 --txpool.globalslots 20000 --txpool.lifetime 0h16m0s --unlock 0x7d391b793e208f515a40c08dc87a2af1e53ffd95 --miner.etherbase 0x7d391b793e208f515a40c08dc87a2af1e53ffd95 --disable-bor-wallet=false --keystore /root/bor/data/keystore --password /root/bor/data/password.txt --allow-insecure-unlock --mine

With the above command options, our private network only succeeds to work between geth-heimdall-bor, if we include -allow-insecure-unlock, -unlock <coinbase>, and 'personal' in 'http api.'

But when we set the configuration as above, we can’t stop the attacks of random bots approaching with rpc api that withdraw ETH.

Is there a way to build the network without setting 'personal' in bor configuration, —allow-insure-unlock and —unlock <coinbase>?