Hey Fadil,
Not a full answer but maybe you find your answer in the following documentation about offline encryption:
https://docs.mendix.com/refguide/mobile/building-efficient-mobile-apps/offlinefirst-data/local-data-security/#encrypting-local-databases
Good luck!
Ideally, you should be using HTTPS when hosting your application. This will encrypt all the network traffic between the client and server.
I hope this helps.
Hello Fadil,
Generally what the client can do is not controlled by Mendix but by the user and the client.
If your app is deployed to Mendix Cloud, TLS/HTTPS comes out of the box and rest assured your passwords are secure in transmission as encryption at rest and in transit come out of the box with Mendix.
If you want more control, you can use the encryption module which uses AES to custom encrypt decrypt your passwords.
Regards,
Shreyas