If you aren't openning it up to the internet, and instead are just using it for development and testing then yes.
XAMPP is only the front end tool for the various services. If you where to open it up to the web then the most important things you secure are your Apache and your MySQL Installations, and your server itself. There is plenty of information on the world wide web for this but to summarise:
Lock down your firewalls on the server itself
Hide as much information as possible about your server to members of the public