I've only been able to think of one attack vector that doesn't involving brute-forcing or social-engineering of MCV's servers and staff. That one vector (man-in-the-middle on the remote access tunnel) would require DNS poisoning, so probably your ISP would have to be complicit to pull it off (or you do dumb things like have Vera use poor Wifi encryption).
In other words, if the three-letter-agencies are after you, they can snoop your Vera. Otherwise, you're as safe as you are on any other password-protected Internet site.
