Sorry, meant if the end user's network was compromised, not the server's.
Whether or not you're on top of your game, HTTP leaves you vulnerable to MITM attacks[0]. So this would leave the end user vulnerable to any of these attacks even assuming Heroku has everything else perfect.
Whether or not you're on top of your game, HTTP leaves you vulnerable to MITM attacks[0]. So this would leave the end user vulnerable to any of these attacks even assuming Heroku has everything else perfect.
[0] https://en.wikipedia.org/wiki/Man-in-the-middle_attack