Web server security

This documentation states “Even thought OrientDB Server is a regular Web Server, it is not recommended to expose it directly on the Internet or public networks. We suggest to always hide OrientDB server in a private network.”

http://orientdb.com/docs/3.0.x/internals/Web-Server.html

I don’t understand this. The server provides a Restful API. Why can’t we set up a SSL certificate to access it? Is this suggesting that we create a VPN to hide the OrientDB web server?

Thanks,
Kshanti