How secure exactly is RDP

Well, it's not perfect, but it's good enough for most needs, il particular if you use the latest version and mandate network-level authentication. You can make it even more secure by adding a gateway server that will tunnel connections through SSL and protect your internal machines. Further refinement would be to use certificate authentication for the session but that's probably unnecessary.

As ever, though, the real question should be: what are you trying to protect and against what risk ? If you're going to RDP into the domain controller of your company, then you probably should invest into a few additional security measures (like the gateway server I mentioned) simply because causing a DOS on a DC can have real consequences fr your business. If you're just thinking of connecting to your home computer from the net (and already have descent security in place: good enough passwords and up-to-date OS), then it's probably not worth your while to secure it any further.