iManager is able to securely read eDirectory 8.8 encrypted attributes. However, because of the way it determines if an attribute is encrypted, iManager does not securely modify or delete these encrypted attributes. The impact of this, which can result in some wire-level data exposure, can be mitigated through normal network security practices such as the following:
Locating all iManager servers behind the firewall
Locating iManager servers physically near their associated eDirectory servers
Physically securing iManager and eDirectory servers
Requiring remote administrators to use a VPN to access iManager and eDirectory servers