WEBSSH isn't only used by localhost.run, it is widely used to provide secure login access to servers. It is end to end encrypted, meaning regardless of client encryption or mode of operation the tunnels from localhost.run back to your local app are fully encrypted.