The statement from the Mendix documentation about encrypting data at rest and in transit generally applies to deployments on the Mendix Cloud, where Mendix manages the infrastructure and ensures security configurations.
For on-premise deployments, the security of data at rest and in transit depends on how you configure your environment.