The security of the doForms system is based on (i) data transmission encryption, and (ii) Google’s App Engine IT infrastructure security:

Data transmission between your mobile devices and the doForms website is encrypted using Secure Socket Layer(SSL)/ Transport Layer Security(TLS), depending on your browser’s settings. This protects your data while traveling over the airwaves or internet. If you are accessing doForms via your browser, please be sure to use the encrypted connection using https://mydoforms.appspot.com/login.

You can also have peace of mind knowing that your data and forms are hosted on Google’s App Engine IT infrastructure. Google App Engine has successfully undergone annual SAS 70 Type II audits which have evolved into the SSAE 16 Type II attestation and its international counterpart, ISAE 3402 Type II. Google App Engine is one of the first major cloud providers to be certified for compliance to these audit standards.

Third party audits are only part of the security and compliance benefits of Google App Engine products. Google protects our customers’ data by employing some of the foremost security experts, by executing rigorous safety processes, and by implementing cutting-edge technology. For more information visit the Google Apps Trust page.

Source: https://cloud.googleblog.com/2011/08/security-first-google-apps-and-google.html