If you set an encryption key for a sync store all data is AES 256 bit encrypted before leaving the device and is stored in encrypted form on the server. It can only be retrieved using the correct key. The same is true for direct connections where all data is encrypted using the key set in the Bonjour options.
In addition, the username and password you set for newly created databases is used as soon as you sync the database to another device. The database cannot be retrieved from a sync store or via direct connection without entering the right credentials.