To me it seems like RDP over VPN is the more secure option provided you trust the machine connecting to the VPN or you have a setup that can verify it is trustworthy before granting it access.