Answer
Secure an MCP server by enforcing authentication, scoping permissions per tool/action, and logging all access. Keep secrets server-side; never rely on the model to enforce policy. Gateways can centralize access control and monitoring.
Nuances & Considerations
If the server performs write actions, require explicit user identity and default-deny permissions.