Hello.
The connection that really matters is between the browser and the Arduino. There is no connection between the Arduino and the site ardomotic.com. The browser connects to the site to download the program and all the images, and then connects to the Arduino to get the system configurations. The site is only used for the purpose of serving the files much faster than the arduino would do. You can also run the files directly from your filesystem, it's something I plan on explaining better before the final release. But this is just to avoid downloading the files over the internet, there's no gain in terms of security for the Arduino.
Once the files are in the browser, the only connection is between the browser and the arduino, so if they are on the same network the data never leaves your personal network. If you want to access from outside the network, yes that's not so secure anymore, the data can be sniffed. I mention that in the homepage:
"The server can be completely open or protected. Different users types can be created with specific user levels, allowing them limited levels of access to the system. Note that the authentication process is NOT encrypted, meaning that someone with access to the network and the proper knowledge can get try to find the credentials. It is not possible to use encryption on the Arduino simply because it does not have enough resources to process it. "
I might try do port the project to an Arduino Yun or something similar in the future go it can have proper security, but unfortunately that's long down the road...