Bitcoin-Cores RPC API is not meant to be available on the public internet. It's not hardened enough and the authentication (HTTP BASE AUTH) is not safe.

If you want to connect to the RPC-API over the internet, you have a couple of options...

• use VPN (openVPN, etc.)
• use stunnel
• use Apache with a reverse proxy and enable SSL (probably most easy to setup)

Also have a look at the 0.12 release notes: https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.12.0.md#rpc-ssl-support-dropped