Connection to XMPP server is done via auxiliary websocket server maintained by redsolution. Theoretically we can intercept your XMPP passwords, however, we don’t do that. This won’t be a problem when more servers will support OAuth2 authentication and allow token-based connectivity.