I'm being asked a lot of very good questions about EasySync again today, and a lot of them have to do with security. Here is a brief overview of how EasySync handles security, and why I think you can rest assured that the data being synced with EasySync is safe and secure.
EasySync uses FileMaker's native security model. So when a user pulls data, what they will receive will depend on the permissions that you've given them. All of the EasySync scripts run with the permission set of the mobile user. In other words, none of the scripts run with "Run script with full access privileges." That applies to the scripts running on the mobile device as well those running on the server.
Sync traffic is encrypted. If the server that you are syncing with is using the SSL encryption option, then your sync requests will be encrypted.
You have complete control over what data gets synced. You can choose what tables are to be synced, what records are to be synced, and what fields are to be synced.
There are also some nice security-related features built into in EasySync. You can setup a "white list" and only allow syncing from mobile devices that are on that list. You can "black list" mobile devices that you do not want to sync with. And should one of your mobile devices become compromised (lost, stolen, etc), you can add it to a "wipe list," and if the device attempts to sync then any local data on it will be deleted.
Sync payloads are examined prior to being processed. Whether pushing or pulling data using EasySync, the payloads that are generated and transferred aren't processed until they have been evaluated and found to be "well-formed." Any partially received payloads, or payloads that are incorrectly formatted, are rejected.
EasySync is transactional. Payloads are either fully applied, or they are completely rejected. There is no need to worry about data being partially applied. And this means that mobile users syncing over troublesome internet connections are safe, too.