This caught my attention as well. They go out of their way to mention that the requests are HTTP, not HTTPS, which allows spying by all sorts of nefarious types. And then... they don't show the requests. It leads me to believe they are exaggerating all of this.
