I checked with my website provider to verify if the ADF/XML emails are encrypted and was assured that they are.Doesn't sound like it. Data must be encrypted in transit and at rest. That "in transit" part...
Is your concern here regarding 3rd Party providers more so than website providers?
Forgive my ignorance here.