The proxy is needed to make sure that we can modify the content in such a way that it works correctly during the session. We sandbox the site so that everything keeps works correctly. I'll go deeper into this in a blog post soon.

The connection to the proxy is encrypted and if the site you login also uses https, your password will never be send in clear text over the wire. Since form submissions are not actually replayed on the viewer's side, we only keep them for the time of the request and only in memory. For those companies who want to control the security fully we are working on a on a solution that can be installed on-premise.