Looks like you are using old version of PI notifications. I would suggest latest version PI notifications which is based on Event frame than tags. Automatic tag creations is based on default security on PI and would suggest PI notification/AF upgrade for better control on AF security and tag license.
Yes we are still using PI Notification 2012, and at the moment we are not planning to migrate to notification rules.
Is there any way, we can setup the security for the concerned tags, as having default security setting exposes these tags to huge audience which is of no use for majority.
If the Point Security or Data Security is not explicitly mentioned in the PI Point Configuration, when the tag is created, it automatically picks this configuration for the database security of PI Point table. Since, there is no option for you to configure the PI Point Security for the tags created by PI Notifications, unfortunately this is the expected behavior. You might have to do this manually using PI Builder or try to automate this with the "weapon" of your choice.
This behavior is also true for automatic tags created for storing analysis, unless you have mentioned the PI Point Security and Data Security in the PI Tag Configuration.