Sure, as long as the VPN itself is secure. Strong passwords/keys, etc. A VPN itself can be a potential security risk, as if it’s compromised an attacker can tunnel traffic directly into a network straight past a firewall.

The risks can definitely be mitigated, but if someone’s asking for an ELI5 on KVMs, then it may be best to stay away until they have a better understanding of IT infrastructure altogether.