There are a number of methods in the PoS contract that should not be exposed to users. In particular, closeBlock, slash, chargeDeploy, and refundDeploy (and potentially others) should not be exposed to users. There are a couple of obvious ways secure their use.
The first option is to somehow parameterize these methods by a deployer Id and check that the passed deployer ID matches the expected deployer ID in the body of the method. This will work, but it puts the burden of identity verification on the PoS contract.
The second option (which avoids burdening the PoS contract) is to pass the private names to the PoS contract by making the PoS contract a system deploy. Then, since we'll have a handle on the appropriate names, we can just make system deploys that use those names to invoke the appropriate methods in the PoS contract.
There may be other options. The assignee of this ticket should determine what the appropriate method is and implement it.