The hash offers little protection and once captured can be used as the password but the idea is to prevent other sites the user might use the password on by preventing the clear text version from being seen.
The Arduino is not capable of SSL hence why other solutions are being attempted.
The app does use SSL and encryption for cloud sync which is a new app feature.
Tapatalk is really getting worse in my opinion and sinking more time it isn’t justified. With that said, I use tapatalk for all my mobile forum needs and don’t have any particular issues since I’m still using the email for alerts.
Hope this helps.