VTP is created to have all switches have a common view of the vlans. It really is not a security thing more of a configuration assistant. If a vlan is in the database a switch can assign a port to the vlan. The best you can do is make it so that a client switch cannot define a port to a vlan that does not exist. The other purpose is to allow broadcast traffic to be pruned off a trunk. If there are no ports on a switch it would prune the vlan off the trunk. I normally manually only allow vlans on trunks I know there are ports active rather than turn everything on and hope it gets pruned.
I do not know a way to restrict a switch from placing ports into a vlan that needs to pass over its trunk ports.