I think you can use credentials fields and the nlapiRequestUrlWithCredentials and a guid to achieve encrypted calls to 3rd party apis, as far as I'm aware it only works in SS1 though.