User password is encrypted in Neo4j. BCypt encryption function is used (see Bcrypt on Wikipedia). This function is used at OS: BSD, SUSE Linux and other. It is generally considered safe for this purpose.
Browser - Graphlytic
Connection between Browser and Graphlytic should be configured to use HTTPS. Graphlytic is delivered with configuration to use self signed certificate for HTTPS. You can use your own valid certificate for HTTPS.
Graphlytic - Neo4j
Connection between Graphlytic and Neo4j can be configured to use HTTPS. See Neo4j security.