nihil, I think you have a good understanding of the problem now.

I have analyzed the plain part of the packets; nothing suspicious there.

The developer has been contacted, but denies a problem.

I am currently not using the application in a way I could be exploited, but there is a large community that uses this app in a way that they could.

And yes, it is possible for a bit of information less than the size of a credit card to be very valuable.