The info field in the Host or Page table can be set to "auth" to require authentication for the corresponding site or Page sub-tree.
Midgard uses basic http authentication as a default. In this case, passwords are only base64 encoded.
mgd_auth_midgard() also provides cookie based authentication. This is not secure either, as cookies can easily be hacked.
However, you may use SSL which provides real security.