my thinking is the weakest link in the process would be the wifi router you use in your home/office to do the photon work. particle links are https . i’ve read a few reports of iot hacks causing some issues unrelated to particle but if i remember it was due to the setup name/pass not being changed on the devices by the enduser… of course any type attack might be possible i guess.