The connection from your phone to the cloud server is through secure channels, the connection from the device to the cloud is currently not secured, though someone would have to know your 32-byte authorization token in order to cause any problem. For that reason, the authorization token should be kept for yourself.
If you don’t want the cloud connection, you can disable it by setting ‘accessibility’ to ‘Local only’.
What would it take to secure the connection between the device and the server? IMO, security should be a very high priority for OpenGarage, as it has the capability to let someone into my house. If the authorization token isn’t encrypted, it’s probably not that hard for an attacker to get it.