Regarding security and integrity of your login credentials, the app uses AES-128bit encryption against your credentials and saves them locally within its private storage folder (i.e. not accessible to anyone other than app itself). Not even a single bit is saved or transmitted to any remote location. It's your data, your property, hence saved locally on your device only. Nothing's saved in clear-text and is not visible to anyone - including the developer.
The app, itself is a a wrapper which communicates only and only with vimla.se (vimla-web-api) and fetches data to show on screen and widget.
You are more than welcome to run the app on an emulator and capture it's data-packets (e.g. wireshark) to further confirm my claim.
Perhaps, I should also update this information in app's Google-Play page :)
Thanks for your interest in Vimla Android-app.
If you have any other question or confusion, feel free to write me.