Security Risk Exposing IBM Mainframe App Data via ApplinX

Has any SAG customer implemented online IBM mainframe application access through ApplinX to the internet, and whether they have continued to use their existing RACF ID and password security for access thru the web, or did they use another web-based security authentication layer in addition to just passing RACF thru ApplinX. Our concern is that the existing mainframe RACF ID and password security structure was designed for internal users, but not robust enough for complexity to mitigate risk of intrusion once the mainframe application is exposed to the outside on the internet. If other companies have resolved this through beefing up, say, their RACF password complexity structure, we would like to know that. If there were other security measures taken to augment RACF as a need to further secure the mainframe app to the outside on the internet, we would like to know how they did that as well.