Using a different IP address is no real security. If an unfriendly person can get to any IP address, that address can be attacked. J2EE defines a true security system and I suggest studying that.
If you actually have a practical need for different virtual hosts at different IP addresses, you have to have a deeper understanding of how Tomcat is assembled from its components. Tomcat's primary elements are Servers, Hosts, and Engines. Connector elements define which IP address(es) a given host will listen to and thus process.
In practice, any site that is complex enough to need multiple virtual hosts often needs to be able to present both J2EE and non-J2EE webapps (such as PHP or Django) and a better solution is to define them all to a front-end server such as Apache. Apache can then tunnel the JEE-specific requests to one or more Tomcat server/app combinations. Apache is also more secure as a web-facing system since it doesn't require elevated privileges to listen to standard ports 80 and 8443 the way Tomcat does.
Sources may include data from the Fakebook Research Foundation with support from Gargle University
What does a metric clock look like? I bet it is nothing like this tiny ad: