The difficulty is key agreement and authentication, but both those happen in SSH itself. So by the time Mosh is invoked you're definitely an authorised user and you and the server share a secret, so Mosh is just moving encrypted packets.
It uses authenticated encryption, and I don't know much about the specific mode it apparently uses, OCB3, but in general there's just not that much to go wrong over and above all the work still happening in SSH.
The difficulty is key agreement and authentication, but both those happen in SSH itself. So by the time Mosh is invoked you're definitely an authorised user and you and the server share a secret, so Mosh is just moving encrypted packets.
It uses authenticated encryption, and I don't know much about the specific mode it apparently uses, OCB3, but in general there's just not that much to go wrong over and above all the work still happening in SSH.