Your sandbox runs inside an isolated computing environment that only you and Next Tech can access (in the event we need to debug something). Sandbox isolation occurs using virtualization software that has been in use for over 10 years. It is more secure than various container technologies like Docker as it's more akin to a full computing environment.
All connections we make to it are over SSL encrypted connections (HTTPS or WSS). However, you can load web pages from your in-sandbox web browser over HTTP, if you so chose. We enable this so you can make requests to HTTP APIs if necessary.
This being said, you should not place passwords or production secrets into a sandbox. Specifically, this is because these would then be backed up with your code. We have plans to develop a secure way for you to do this, which you can follow along with or upvote here.