Hi, I'm the author so I figure I can answer this. The system is built to run a local VM and RDP using the local NAT IP provided by the KVM networking system. So all RDP traffic is local to the machine. If for some reason you decide to use a separate server for RDP via the configuration, standard encryption pathways are in place just as with any other RDP scenario.