Is it available only to methods defined on server? yes
Can it be called by anonymous users or any client code? still yes
addInsert cannot be called from the client since it is already defined only on the server. But it can be called anyway because your method can be called from any client.
If you can provide more context to your use-case, perhaps we can come up with a pattern that can fullfill your current safety requirement.