Yes these Microflows are only called from other Microflows (or Java actions), meaning that setting security on them is pointless and could give you a false sense of security, as Microflows can always be run by other Microflows and security only prohibits a user calling one directly. I would remove the security on these Microflows instead of ignoring the warnings.