Secure use of Accounts.createUser on client side

How Accounts.createUser can be used securely on client side? I mean, if by architecture only admins can create users, how do i check that current user has permission to do such operation? I thought i could use onUserCreate hook on the server side, but current user is not accesible inside hook. Is Accounts.createUser usable on client only when everyone is allowed to free sign up/register?

The best option in this case is going to be to create a method and call it from the client.