Yes, I think he is. It's true that the SNMP community string is in clear text, meaning whoever sniffs the wire can get the read-only and read-write strings. And with the RW string, one can manipulate the AP's configs. However, there's also a thing called an access-list that can be configured on devices to prevent unauthorized access.
It's also a fact that SNMP v3 is more secure because the username is encrypted. However, v3 has never been mass deployed because of its complexity.
Based on experience, most customers are comfortable enabling SNMP in their network. After all, with mass network devices deployed, SNMP is the only way of managing them.
Rizwan is correct. You configure an ACL and apply the ACL to the SNMP community string, which will restrict who can poll the AP using the community. Or you can apply the ACL to the FE interface, just like on other IOS devices.
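
An added example, not part of the original posts: a small audit that reads an IOS-style configuration and reports SNMP communities that are not restricted by an ACL in the way described above. It assumes the `snmp-server community <string> [RO|RW] [acl]` form with standard numbered ACLs; the function name `audit_snmp`, the community strings and the addresses are constructed for illustration.

```python
import re

# Constructed sample IOS-style config (not from the thread); community
# strings and addresses are placeholders.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.10
access-list 10 deny any
access-list 20 permit any
snmp-server community EXAMPLE-RO RO 10
snmp-server community EXAMPLE-RW RW
snmp-server community EXAMPLE-OPEN RO 20
snmp-server community EXAMPLE-MISSING RW 30
"""

COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?\s*$",
    re.IGNORECASE)
ACL_RE = re.compile(r"^access-list (\S+) (permit|deny) (.+)$", re.IGNORECASE)

def audit_snmp(config):
    """Return {community: [findings]} for communities not restricted by an ACL."""
    acls = {}          # ACL id -> list of (action, source) entries
    communities = []   # (name, mode, ACL id or None)
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2).lower(), m.group(3).strip()))
            continue
        m = COMMUNITY_RE.match(line)
        if m:
            communities.append((m.group(1), (m.group(2) or "RO").upper(), m.group(3)))
    findings = {}
    for name, mode, acl in communities:
        issues = []
        if acl is None:
            issues.append("no ACL applied")
        elif acl not in acls:
            issues.append(f"ACL {acl} not defined")
        elif any(action == "permit" and src.split()[0] == "any" for action, src in acls[acl]):
            issues.append(f"ACL {acl} permits any source")
        if issues and mode == "RW":
            issues.append("read-write community")  # unrestricted write access is the worse case
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for community, issues in audit_snmp(SAMPLE_CONFIG).items():
        print(community, "->", "; ".join(issues))
```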