For those making a PhoneGap application, this may be an interesting article:
http://www.neglectedpotential.com/2013/01/sslol/
Short summary is that by default your Mendix app trusts all certificates on your phone. This means that if someone installs their own certificate as trusted, he will be able to start his man-in-the-middle attack.
To fix this, I think it would be good if Mendix apps come by default with the PhoneGap certificate checking mechanism such as this one and check the default fingerprint. Even though this does give problems with expiration of certificates of apps, which will force your users to download a new version.
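
The fingerprint check discussed above, as an added example that is not part of the original post and not the code of any PhoneGap plugin or of Mendix. It goes one step beyond the post by also accepting a pin for the next certificate, which is one way to soften the expiry problem. SHA-256 over the certificate's DER bytes, all function names, and the byte strings standing in for certificates are assumptions constructed for the example.

```javascript
const { createHash } = require('node:crypto');

// Normalise "AB:CD:..." or "abcd..." into a 32-byte Buffer; null when malformed.
function parsePin(pin) {
  const hex = String(pin).replace(/[:\s]/g, '').toLowerCase();
  return /^[0-9a-f]{64}$/.test(hex) ? Buffer.from(hex, 'hex') : null;
}

// Assumption: the fingerprint is SHA-256 over the certificate's DER encoding.
function fingerprint(der) {
  return createHash('sha256').update(der).digest();
}

// Compare the presented certificate against every pinned fingerprint.
// A malformed pin is a configuration error, so it throws instead of failing open.
function checkPinned(der, pins) {
  const actual = fingerprint(der);
  let matched = null;
  for (const [label, pin] of Object.entries(pins)) {
    const expected = parsePin(pin);
    if (expected === null) throw new Error(`malformed pin: ${label}`);
    if (matched === null && actual.equals(expected)) matched = label;
  }
  return { trusted: matched !== null, matched, fingerprint: actual.toString('hex') };
}

// Format a digest the way certificate viewers show it (AA:BB:...).
function colonHex(buf) {
  return buf.toString('hex').toUpperCase().match(/../g).join(':');
}

// Constructed stand-ins for DER bytes (not real certificates).
const currentCert = Buffer.from('constructed-der: app.example.test serial 01');
const renewedCert = Buffer.from('constructed-der: app.example.test serial 02');
const interceptCert = Buffer.from('constructed-der: leaf issued by a user-installed CA');

const singlePin = { current: colonHex(fingerprint(currentCert)) };
const withNext = { ...singlePin, next: fingerprint(renewedCert).toString('hex') };

function demo() {
  return {
    normal: checkPinned(currentCert, singlePin).trusted,          // pinned cert accepted
    intercepted: checkPinned(interceptCert, singlePin).trusted,   // device trust store is irrelevant
    renewedSinglePin: checkPinned(renewedCert, singlePin).trusted, // the expiry problem
    renewedWithNext: checkPinned(renewedCert, withNext).matched,  // next pin shipped in advance
  };
}

console.log(demo());
```
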