NWBC - what is the security level of this service by the access from Internet

Dear Colleagues,

I am project manager so please excuse if I am wrong but I am wired by the security aspect of NWBC as opened to Internet. Many basis experts (the conservative ones) are very skeptical about giving external access via NWBC to the system. They prefer SAP GUI or even SAP Portal via VPN. But without giving the real reasons. In my opinion NWBS is more secure at least because that is giving access only to limited to scope of functions and VPN opens access to everything in intranet.

I am very excited about the mobility and simplicity opened by NWBC access but now I am facing myths (better not to do it) instead clear positioning of the security levels that can be organised as the part of authorization politics. I found many security discussions on this forum but they are touching some spot aspects. The materials on SAP pages is too generall.

Can you advice me please where to find accurate explanation? We have 606.

Cheers Waldek