We employ the most up to date Cross-site Scripting Prevention, Cross-site Request Forgery Prevention, and Cookie Attack Prevention (even though there is no login capability yet) techniques.

Furthermore the server is only accessible through non 80 ports from one single undisclosed location.

If the addresses were encrypted I could still change them so I don't see how encryption would help prevent me from doing so if I had the retarded intention to do so, unless I'm missing something?