PAP itself is insecure as the passwords are sent unencrypted. If you transfer it through a TLS connection, all data inside it will be encrypted.
The only weak point you have is the communication between your VPN concentrator and your RADIUS server which will obfuscate data with shared secret.