I just stumbled across this thread again, and am amazed how much content has been added since our last post.
It seems the topic has recently centered around security, from worry about why the phones and PC's use our servers, to concern over "clear text" transmission. Let me address those.
Why do the phones go through our servers?
This provides one of the key features of the software, and why it is simpler to use than VNC and RDP, and why it can be used by far more people.
Consider those other protocols. Say you have the software on your phone and want to connect 3 PC's.
You run the software on your phone and enter the IP address for all three PC's. Sounds easy, but for it to work you must:
* Forward ports on the PC's internet-connected router so the phone can reach them
* Monitor your IP so when your ISP changes it, you update your phone
Many people do not know how, and would rather not bother. Moreover, many people cannot do these things, because the computer is in a workplace where they are not given access to forward ports on the router.
So, with PhoneMyPC, your PC's connect to the servers and announce themselves. When you run the app on the phone, it also connects to the servers, and gets a list of your PC's.
Next, you select a PC to use, and it's up to you what happens then.
* If you have forwarded the ports (as with VNC or RDP), PhoneMyPC will connect directly to your PC, leaving our servers out of the loop.
* If you have not forwarded the ports, you can still interact with your PC, through our servers.
In all cases, you never need to know your PC's IP address, nor worry about it changing, because our software does that for you.
This approach significantly improves the usability of the software, and does not effect security in any way. The fact that the data may pass through our servers does not give us the ability to control your PC (see below). Finally, in a future release, the data will be encrypted as it passes through our servers so only your PC and phone could possibly decipher it.
Is my PC in any way vulnerable when the PC app is running?
No. The only vulnerabilities relate to the transmission of unencrypted data in the current Beta product. Read on to understand why.
What are the vulnerabilities exactly?
When you configure your PC and phone, you enter credentials. These credentials are important, because anybody with an Android phone could use them to gain access to your PC.
But, they are encrypted when they are stored on disk, and they are never sent over the network.
Once your phone and PC begin to interact (regardless whether the interaction is through our servers, or through a direct phone-to-pc connection), the two devices mutually authenticate each other using a challenge-response technique that is very reliable and secure, and that does not require sending credentials over the network.
So, this means than when the PC software is running quietly on your PC, nobody can access your PC unless they have your PhoneMyPC name and password. Period.
But, because of the fact that the data is not encrypted at this time, there are two weaknesses.
1) Data inspection
Someone inside your network could use a network monitor to see your traffic, but only while you are interacting with your PC. To do this, they would have to get access to your network, use a packet sniffer, reverse-engineer our protocol. At this point they could see what you are doing.
2) Session hijack
It is possible that someone could take over a session while you are using your PC. However, this would require:
1) Owning (having control of) a PC inside your network
2) Implementing a DNS takeover so your PC connects to their [hijacked] box rather than our servers
3) Reverse engineering our protocol
4) Changing or turning off any port-forwarding rules you have in place (so the phone doesn't connect directly to your actual PC)
It would work like this:
* Your PC tries to connect to our servers, but because of the DNS hack, it connects to the hacked PC instead
* The hacked PC connects to our servers, forwarding the data coming from your PC
* The hacked PC watches and forwards data in both directions until you are authenticated and in the process of using your PC
* The hacked PC sends commands to your PC
I can't imagine what commands it could send that would be harmful; perhaps using the Action feature to open a browser or attempt to download a file, but this would still require a mouse-click to complete the download, which would be very hard to automate.
Consequently, I could put together similar hijack scenarios for all other remote control products.
Conclusion
I might not do banking with PhoneMyPC (until SSL is available again), unless I were on WIFI at home and knew there were no interlopers on my home network, but otherwise, I personally feel quite secure. There are minor vulnerabilities, but they are hard to do, require very dedicated effort and security failures beyond just PhoneMyPC to make them effective.
Sorry this is so long. We take all customer concerns seriously, and particularly security concerns. We not only want to reassure people, but go the extra mile to be clear where the vulnerabilities lie, even if they are obscure.
When we finish the Beta, our security model will be world-class, and a white-paper will be available on our website describing all threats and the countermeasures we have implemented to address them.
(or whatever other task I need to perform).
my credit card (gas card) was hacked and someone from armenia bought $1000 of groceries 
.. well sorry to say they did not get any of the groceries ..