In theory if you added it to a pool only the people within the security group would be able to access it. You could also use a login script to register it which means it would only be registered for people who have access. See link below for login sript example.
http://blogs.vmware.com/thinapp/2008/10/thinapp-thinreg.html