I have a web server that only responds to requests from my LAN. I put sensitive info into an HTML file there, then point my phone's browser to it to copy/paste it; then I delete the info from the file. This way the data never leaves my LAN, which I believe is reasonably well protected.