No, in the sense that it’s not any more secure than other methods. It’s an architectural choice that as others have said here, makes for messy code. A cleaner, still network-secure design, would allow you to flag functions on the chest as RPC’s that would be always be sent to the server where the chest’s secure state code is handled; as a nice perk, such an RPC would implicitly contain the chest id and the player controller id which is all most object interaction rpc’s would need. In fact new interaction objects like this can be introduced without any changes to the player controller (ie good OOD). Requiring us to relay chest data through a specialized RPC on our player controller is messy indeed.
Both architectures have the same security capabilities because both run server side logic that can check what ever it wants. Both solutions are open to spam; all that changes is the RPC signature of the spam.