I guess you are not familiar with WordPress API. WordPress uses nonces to keep track of logged in users and authorized requests. Relatively new feature is also App authentication, which is under the hood basic authentication. However, while WordPress IS secure (nonces are sent in headers and have expiry time), specific plugin you are using may have this implemented correctly or incorrectly, and your security will depend on this plugin (as well as others) you are using. There are online sources to check on security of plugins, see if yours is listed.
There is another consideration – every user who has enough rights to change content may remove your “security shortcode”. So to account for that possibility, for example, only admin or specific personel should be allowed to edit these posts, which you have to develop yourself, or search plugin for that.