In any scenario where HTTP is used (in general, not just related to Servoy), it is technically possible for someone to intercept the HTTP network traffic and inspect its contents.
When you enable HTTPS, all the network traffic between the HTTP client (browser) and HTTP server gets encrypted, meaning that the person intercepting the network traffic will only see garbled messages.
In the case of the Servoy Web Client it is no different. The extra thing the Servoy Web Client has that makes it more secure is that all the business logic is executed on the Server and in the browser only the UI is rendered in HTML & CSS. So, except for the HTML and CSS nothing is transferred between the client and server. Of course, the HTML includes the rendered data and/or user input.
So, to be 100% safe, it's best to run the Web Client under HTTPS. See
http://wiki.servoy.com/display/DOCS/Net ... d+settings for more info on how to set this up.
Paul