By design, all devices connecting through a Meraki AP can ping the AP's Management Interface, even if they are on different VLANs.
This can be disconcerting when administrators expect ICMP traffic to be denied by their Inter-VLAN routing rules.
For example, a computer connected to a Guest SSID on 172.16.1.2 will be able to ping and AP with an IP address of 10.1.10.1, even if there are Deny Permissions set on the upstream router.
All other communication will follow the rules of the Inter-VLAN router.
For additional security, you can set the My.Meraki.com password by following this Knowledge Base Article:
Change My.meraki.com and Wired.meraki.com password