Using a DBF/CDX file format does not address security unless you encrypt the records which may not be reasonable. If someone has access to the DBFs on the server then they can obviously read the data. This would be true since you have to attach to the server with the application.
However an intranet is a diffent story. It is easy to secure since the user does not have direct access to the server, they cannot open up the DBFs and read it. The only way they can do that is through the browser which talks to your application. In a way your VFP application is the server and manages what a user can do.