Controlling the energy of unauthorized light signals in a quantum cryptosystem is an essential criterion for implementation security. Here, we propose a passive optical power limiter device based on thermo-optical defocusing effects providing a reliable power limiting threshold which can be readily adjusted to suit various quantum applications. In addition, the device is robust against a wide variety of signal variations (e.g. wavelength, pulse width), which is important for implementation security. Moreover, we experimentally show that the proposed device does not compromise quantum communication signals, in that it has only a very minimal impact (if not, negligible impact) on the intensity, phase, or polarization degrees of freedom of the photon, thus making it suitable for general communication purposes. To show its practical utility for quantum cryptography, we demonstrate and discuss three potential applications: (1) measurement-device-independent quantum key distribution with enhanced security against a general class of Trojan-horse attacks, (2) using the power limiter as a countermeasure against bright illumination attacks, and (3) the application of power limiters to potentially enhance the implementation security of plug-and-play quantum key distribution.