Yes. If you are using a WordPress.com site all communication uses an encrypted connection via SSL. For self-hosted sites using WordPress.org you'll need to have SSL enabled for your site. WordPress 2.6.1 or later supports pointing the RSD information at the “https” version of xmlrpc.php which creates an encrypted communication link with the app. If you need help setting this up it's best to contact your current web hosting company. Some devices may not see all SSL certificates as valid (especially self-signed certificates). If this occurs, you will need to manually accept the certificate on your device.