This gem takes the following steps to ensure security.
This gem uses auth tokens that are:
- securely compared (to protect against timing attacks),
- invalidated after 2 weeks (thus requiring users to login again)
But the most important step is to use HTTPS. You are on the hook for that.