There are three different security aspects that have to be considered on a server: transport security, access security, and storage security.
For transport security we delegate the issue to the underlying transport protocol. One example is to use HTTPS instead of HTTP. The server is configurable to accept one or the other from different IP addresses. So I could use the unsecured transport in a secure environment, like a private network and allow Internet based access via a secured transport only.
For access security we use a model close to the standard Unix file security model. Each entry has read and write bits for owner, group and other. A user can specify which entries are public, somehow public and private. The default flags can be specified in the configuration file.
The storage security is delegated to the underlaying database and the underlying file system. This usually means that the database administrator and the system adminitrator are able to read all data. But this is a common practice, and there are usually much more valuable files on a system than personal schedules.