We regularly audit the security details of our implementation, including our certificates. We ensure that consumers and servers interact with CRS APIs over HTTPS.
As mentioned in Token Validity Times, authorized user tokens have specific validity times allowing a limited amount f time for users to perform actions before expiring or requiring re-validation.