I mean It’s not impossible, and there are several ways to limit access to the admin login or increase security, which also depend on the environment you’re running Mailcow on.
One way would be to put a reverse proxy in front of it and then limit access to /admin to certain IP addresses or IP ranges.
Or maybe you could change the nginx config on Mailcow itself, but I’m not sure to what extent this can be done without breaking things, and whether the changes will be overwritten during upgrades.
Another approach to secure things would be to use an identity provider/SSO solution like Authentik or Keykloak, but I have no experience with them.