The Command Profiles tab is only for access to remote commands. Presently, there is no way to restrict access to the BLCLI.
And just to add to this, you should think of the BLCLI in the same way as using Configuration Manager. It is just a client to Operations Manager. You have to login the same way as you do for Configuration Manager. That is why there is no additional security required.
That being said, if you are generating cached credential files so that you can script with BLCLI, then you need to protect those files using OS level security.