It is known that with the multi-domain scenario, elastic optical networks (EONs) can improve network scalability, extend service coverage, and handle the multi-carrier situation. However, as a malicious client can launch cross-domain attacks in the physical layer, the security issues in multi-domain EONs should not be overlooked. In this paper, we consider how to improve the physical-layer security-level of multi-domain EONs. Specifically, we propose to differentiate the routing and spectrum assignment (RSA) schemes of intra- and inter-domain requests with security considerations. To achieve this, we review the physical-layer vulnerabilities due to different clients (especially trusted and untrusted ones) sharing optical components in EONs, analyze the potential attack scenarios to different RSA arrangements, and quantify the corresponding security threats with an attack factor. Then, we define the problem of multi-domain attack-aware RSA and formulate an integer linear programming model to solve it exactly. To reduce the time complexity, a heuristic algorithm is also proposed. The proposed algorithms are evaluated with extensive simulations using both the offline and online provisioning scenarios, and the simulation results verify its effectiveness.