We run RSA encryption on the username and password before sending it over the wire via a network request. The encryption is done using a private/public key pair, and the encrypted data cannot be reversed engineered because the private key is kept securely in our system and not exposed to the SDK.