To avoid interception you should use SSL for transmission. However, because of same-origin you need to make sure you are at the correct version of the site as you play with the example. The SSL version would be https://ajaxref.com/ch7/ssl.html while the standard non-encrypted version is at http://ajaxref.com/ch7/ssl.html. Your browser should have a problem if you are not at the appropriate address corresponding to the checked SSL state.