In addition to carefully managing the I/O on the host pc, it's also meaningful to physically secure both the host pc and the RIO device. Physical access can allow determined attackers a direct avenue to disrupt or reverse-engineer your application.
Locate the host pc in a secure, access controlled room. Grant access to only those who need to use the host pc to limit physical access. Set policies to manage user interaction with the host pc to mitigate security risks.
For the RIO device, consider a locked enclosure to limit physical access. The console out, ip reset, and safe mode DIP switches provide vulnerabilities that attackers can otherwise exploit. In addition to enclosing the RIO device in a locked container, locate the device difficult to reach or restricted access environment.