Being conscious of security is always wise, but it's worth noting that the connection between two devices in a KDE Connect network is:
- Paired — KDE Connect doesn't accept clipboard or URL transfers from just any arbitrary devices, only ones it recognizes and has already established a pre-existing relationship with.
- Bi-directionally confirmed — User action has to be taken on both ends of the connection, in order to establish a new pairing link; an unknown device can't pair with your phone, or with your computer, without you having to authorize the pairing request.
- Encrypted — Once the pairing is established, every communication over the link is end-to-end encrypted. None of the content transferred from one device to another is ever visible to the outside world, and any attempts by the outside world to hijack that connection and insert malicious data will be ignored without the proper encryption.
The intent is to make the relationship between the two devices secure enough that they can be treated as extensions of each other. Absent any bugs or security flaws, syncing your clipboard's contents to a paired device shouldn't carry significantly more risk than placing that data in the clipboard in the first place.