This gem takes the following steps to ensure security.
This gem uses auth tokens that are:
- changed after every request,
- of cryptographic strength,
- not stored in plain-text,
- securely compared (to protect against timing attacks),
- invalidated after 2 weeks (thus requiring users to log in again).
These measures were inspired by this Stack Overflow post.
This gem further mitigates timing attacks by using
But the most important step is to use HTTPS. You are on the hook for that.
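The token properties listed above (rotation on each request, random generation, digest-only storage, constant-time comparison, two-week expiry) can be seen together in the following Ruby sketch. It is an added example, not the gem's own code: the class and method names are hypothetical, and SHA-256 from the standard library is an assumed stand-in for the gem's hashing.

```ruby
require "securerandom"
require "digest"

# Added illustration; names are hypothetical and not the gem's API.
class RotatingTokenStore
  LIFESPAN = 14 * 24 * 60 * 60 # two weeks, in seconds

  def initialize
    @records = {} # client_id => { digest:, expires_at: }
  end

  # Issue a fresh token. Only its digest is kept server-side, so a leaked
  # store does not reveal usable tokens.
  def issue(client_id, now: Time.now)
    token = SecureRandom.urlsafe_base64(32) # 256 bits from the OS CSPRNG
    @records[client_id] = { digest: Digest::SHA256.hexdigest(token),
                            expires_at: now + LIFESPAN }
    token
  end

  # Returns the replacement token on success, nil on any failure.
  def verify_and_rotate(client_id, presented, now: Time.now)
    record = @records[client_id]
    return nil if record.nil?
    if now >= record[:expires_at]
      @records.delete(client_id) # expired: the user must log in again
      return nil
    end
    candidate = Digest::SHA256.hexdigest(presented.to_s)
    return nil unless secure_compare(record[:digest], candidate)
    issue(client_id, now: now) # rotation: the presented token is now dead
  end

  def stored_digest(client_id)
    @records.dig(client_id, :digest)
  end

  private

  # Constant-time comparison: every byte is inspected no matter where the
  # first mismatch occurs, so timing does not leak the matching prefix.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

Because each successful check replaces the stored digest, a token captured in transit is useless once the legitimate client has made its next request, which is also why the HTTPS requirement still matters for the request in flight.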