We value your privacy. Communication to and from the server is encrypted using a secure HTTPS connection, just like the traffic between your computer and your online banking website. We take measures to protect our servers from outside intrusion, as we do with our own online store.
However, if you do want maximum privacy for your data, you’ll want to use a server you control rather than iCloud, Dropbox, or any other server that someone else runs for you.
Starting with OmniFocus 2.6 for Mac and OmniFocus 2.15 for iOS, your data will now be completely encrypted before it leaves your device so that it’s encrypted on the server itself. OmniFocus uses your sync password to generate a key that encrypts everything as it leaves your device. All encryption and decryption happens locally, so your data is always encrypted end-to-end and our server never has access to your encryption key. OmniFocus doesn’t encrypt the data stored on your local devices: you can use the built-in device encryption features in iOS (enabled by default) and OS X (FileVault) to encrypt your local data at rest.
New users of OmniFocus will start off with an encrypted database, whereas existing users will see a migration prompt to migrate to the encrypted format.
There are a few other things worth remembering: no one at Omni will have the ability to look at or restore your data. Further, if you lose every single device OmniFocus is installed on and you forget your password, you should consider your OmniFocus database lost and unrecoverable.
For comprehensive information about encrypted sync, check out this forum post.