When the provisioner tool was created, encryption wasn't available in many cases. In addition, adding it can lead to other issues (like people using the same user/pass for all their clients, or not knowing how to configure it, etc.) We added some functionality to provisioner which blocks scanning requests and does not allow you to download the config files without knowing a few things about properly crafting a request. So this is not actually as insecure as you're pointing out. It's been pretty solid. At this point, you'd basically have to craft a perfect request and know the exact MAC address of the phone you want to grab. In the future, we'll be locking this down by IP and providing functionality to deal with dynamic IPs. This should put an end to this, encryption or no encryption.