Here is some useful security-related information about Publisher for Confluence Cloud to Salesforce.
How does the app connect to both sites?
The app connects on both sides with the provided APIs (from Atlassian and from Salesforce), and it uses the required authentication methods.
How is data secured in transit?
Data travels through SSL using HTTPS.
Where does the data go (does it pass through any ServiceRocket servers, for example)?
We host our application on AWS, These credentials are sent to our app on AWS which is secured using standard security protocols and then the app calls Salesforce on your behalf.
What permissions does the app have?
It can perform requests on your behalf at any time.
It provides access to your data via the web
It can access and manage your data.