There is no encryption in replication protocol and there no documentation on protocol at all as i know.
Basic security is to control what is replicated and what is not when theres many options how to do it, including cutting of entire actor from replication
GameMode object as well as foreign PlayerControllers are not replicated to clients by default so key data should be there. If property (UProperty) does not have CPF_Net frag on it won’t be replicated
Other then that you need took up the source code. If you really so not trusting UE4 replication you free to make your own protocol.