How does one secure the Istio Operator?

The documentation says,

Using an operator does have a security implication. With the istioctl install command, the operation will run in the admin user’s security context, whereas with an operator, an in-cluster pod will run the operation in its security context. To avoid a vulnerability, ensure that the operator deployment is sufficiently secured.

What should one do to secure the operator deployment?