And the next paragraph:
It is recommended that passwords be enabled for the Control Page and Setup Pages. Passwords should be at least 8 characters in length and use a combination of upper and lower case letters and numbers. For additional security, a firewall may be used to limit access to selected IP addresses. Another option may be to set up a Virtual Private Network (VPN) between the network where WebRelay resides and the client machine (web browser, second WebRelay, etc.).
You found one of their devices that is around $395.00 and supports:
Protocols: HTTP, HTTPS, SSL, SMTP, Modbus TCP/IP, Remote Services server and client
While almost all of their other devices are much less and support:
Protocols:HTTP, XML, Modbus TCP/IP
The two devices I have on hand and am looking at right now that didn't get used for a project are the X-DAQ-5I-I and X-WR-4R3-E. Both of these devices do not support HTTPS and don't support SSL. When I say insecure devices, I really mean local on the network. I wasn't referring to hacking remotely or them phoning home. I was referring to someone being between the devices and getting the password or hacking the device to open a gate. These devices can be used in a lot of scenarios to act as a remote switch. If that is used to open a gate, someone COULD be on the network, get into the device and open the gate.
The 2nd paragraph is important because they are suggesting what should be done to restrict network access to the Control By Web devices. Often times these things are not done and the majority of their devices do not have very high security.
Comparing one of these units to the Axis P8221, the Axis is much more securely built. That said, I still think Control by Web has some nice and useful products, but most of them need to have security measures in place when putting them on the network or controlling them over the Internet.