All access to the Summit Evergreen application is restricted to HTTPS encrypted connections.
User passwords are secured with BCrypt. They are never stored in the database in plaintext and are not readable by staff or other content creators. Passwords do provide access to the Summit Evergreen application, however, and it is the responsibility of the end user to protect his password with care.
Integration with third party services (Infusionsoft, Stripe, MailChimp, Ontraport, etc) are done through API keys.