Originally Posted by kingsinger
and I understand that the security of MM is perhaps suspect too
I don't think there are any known security issues with MobileMe other than accessing your data through MobileMe's web interface. The problem there is that the web access isn't encrypted.
However, this does not hold true for syncing data over MobileMe and accessing it from the desktop apps (iCal, Address Book, etc). The same holds true for accessing data on your iDisk, including OmniFocus syncing.
As Andrew mentioned above, access to the iDisk is encrypted, so I don't think there are any known security risks in syncing OmniFocus. The only things to be concerned about are:
(A) Comprised password - easily solved by using a good password and not sharing it with others.
(B) Can you trust the people (Apple in this case) who have physical access to the server on which your iDisk resides. But this is an inherent risk of cloud computing and something you'd face with any third party service.
FWIW, several people have submitted feature requests to allow encryption of the OmniFocus database itself, so when it's stored on the iDisk (or any third party webDAV server) it'll still be safe from unscrupulous support people. Such a feature might have an impact on OmniFocus' sync performance though, and there may be additional complications, so who knows if we'll actually see this released in the near future.