I'd refer you to #q247267 for an initial answer.
Even though that asks about the difference between ROS 1 and ROS 2, I believe it will also answer your question (which is tagged as melodic
, so ROS 1). Note that answer was written in 2016: SROS2 is a mature part of ROS 2 these days and the situation in ROS 2 is no longer "unclear" as I write in my answer there.
For ROS 1, see also wiki/Security.
To end with a quote (by @Brian Gerkey at the ROS-Industrial Conference 2016):
if you claim that you've found a security hole in ROS 1, you're lying: there is no security
Note (for you and other (future) readers): read the linked answer and the security wiki page. ROS does not take a cavalier approach to security, but for ROS 1, it was never a design driver or requirement. As security is hard to "bolt on" afterwards, focus for rectifying this situation is with ROS 2, not ROS 1.
SROS 2 is an integral part of ROS 2 with support for strong encryption, authentication, access control and key and certificate management. Robotics security: What is SROS 2? by Canonical gives a good overview (albeit somewhat dated already, as it's 2019). You may want to look at ROS 2 DDS-Security integration and ROS 2 Access Control Policies for the design documents as well.