You are concerned with security? You have done everything to make sure the connections to your system are as secure as possible? Connections will be made and these connections will be used by authorized users. Maybe some users abuse trust and look at data that they should not.
How is this relevant to Web services or RFC? The new Read Access Logging (RAL) capability logs access that has occurred through certain so-called channels. Many channels are used to access data but, important to note, the three channels that are currently supported are Web services, various flavors of RFC, and Web Dynpro. So, if it is important for you to know who has read your sensitive information, you need to take RAL into account when planning connections to that data.
I have presented a very narrow view of RAL but, if this blog wakes your interest, check out the documentation on Read Access Logging and then engage with the experts in the Security space.