It sounds like you've done what you should be doing. I personally think RWW
is more secure than straight RDP, but I go a step further - I've installed
Scorpion Software's RWWGuard, using their AuthAnvil tokens.
(http://www.scorpionsoft.com - no direct affiliation, except that the owner
is a fellow MVP I have known for several years.)
RWWGuard adds an additional layer of security onto RWW by using two-factor
authentication. Not only do you need to know the username and password of
the domain account, but also a PIN + a one-time password (OTP). The best
part is, it's "SBS Aware" and completely integrated with RWW so your login
looks just like regular RWW, except there's an additional field for the
RWWGuard works with third-party OTPs, such as CryptoCard, SecurID, as well
as their own AuthAnvil. AuthAnvil is usually a good deal cheaper, since it's
sold in smaller minimum quantities appropriate to an SBS business.