Revindex Impersonator is built with security in mind. The module can only be operated by registered users, administrators or super users therefore it cannot be exploited by outside public users. You can never impersonate as a super user. Only a super user (or another administrator) can impersonate as an administrator. However, any registered user can impersonate as another regular user.
In addition, you can always restrict access to the page or module simply by using the familiar page or module permissions settings.