Can I use SSL to encrypt the App communication?

Yes. On sites, all communication (done over XML-RPC) is by default going to use an encrypted connection via SSL. For self-hosted WordPress sites with SSL enabled, WordPress 2.6.1 or later supports pointing the RSD information at the “https” version of xmlrpc.php, which creates an encrypted communication link with the app.