technically it's already protected by 2 passwords.
1> opers must be identified with nickserv to user OperServ
2> opers must also be opered up to use OperServ.
Since /os admin add may only be used by Services Root, then it's rather safe. Services Root is the highest level of Services access and only the most trusted users added to this list. If you can't trust a person to use /os admin add, then they don't need to be on your Services Root list.
[Edited on 30-9-2006 by katsklaw]