The problem isn't with the extension. It is with the implementation. No code is inherently secured. It looks like they ran DataAssist to create a display of orders. The page does just that. If you want to secure that page, you need to provide a login page in order to have the opportunity to add security.
In order to correct this problem you could buy Security Assist and use that wizard to create a login page. Then add security to the administrative orders section that you curently have found is exposed (and to every other page that shouldn't be publicly viewable).