Since macOS 10.12 Sierra, it is possible to configure the built-in Screen Sharing/Remote Management service to only respond to local connection requests made via a secure connection.
To do so, open Terminal.app, copy and paste the following command:
sudo defaults write /Library/Preferences/com.apple.RemoteManagement.plist VNCOnlyLocalConnections -bool yes
To restore the default behaviour, use no instead of yes at the end of the command.
Requirement: Turn on Secure Connections
The only requirement for this configuration to work is to enable Secure Connections (SSH) in Screens and Screens Connect (if installed).
You will not be able to connect unless you use a secure connection since the VNCOnlyLocalConnections parameter instructs the service to only listen on localhost.
Enable Secure Connections in Screens Connect
Open the Preferences window and go to the General section and enable Use Remote Login.
Enable Secure Connections in Screens
Since Screens keeps in sync with Screens Connect, secure connections should be enabled automatically. If that is not the case, follow these steps:
Screens for iOS
Open the settings for the saved connection you wish to modify and enable Secure Connection.
In the Secure Connection section, make sure to turn on Enable on local network.
Screens for Mac
Open the settings for the saved connection you wish to modify and enable Secure Connections.
Make sure to turn on Enable on local network.