All the nodes and the front end are considered a single machine. It is very important to use a private network to run BProc on. There is no encryption of the BProc traffic. The only authentication done is a reserved port check on new connections to the master node. This is meant to keep rogue user processes on the system from messing with things.
The BProc system does not prevent remote machines from performing operations as root on other machines. This ability is really a requirement for the system. It does mean a single compromised machine compromises the entire system.