Your site needs to be SSL (https), for the Signal/r traffic to be encrypted.
with SSL, the browser does the encryption/decryption, so the network tools see the unencrypted data.
as always you should never send hidden html data to the client, if you do not want them to have access.
note: you use SSL so network sniffers (public wifi, etc), can not intercept the client data. It does not protect your data from the client. your code must do that. if you pass PMI data (personal data) without SSL, you may be legally liable for a data breach from a sniffer.