Thanks for the responses. lajackson, your concern on the ssl cert is valid and will be resolved later today. I was trying to gauge what kind of interest the project might have before I decided to donate any more money to this cause. Luckily there are some pretty good discounts out there on ssl certs. I don't agree however that all settings are publicly visible, and neither do the courts. While the "everything is hackable" argument is technically true, hackable does not equal publicly visible. If it did, and if the church intended you to not share this info at all, it wouldn't have used the qualifier "or other publicly visible software application" and would have instead just said "or any other software application."
eblood66, I see your point but with encrypted databases this isn't really so much a concern. I guess I could add a layer of a "ward-wide" password that the admin chooses, that is never stored on the server but admins can distribute to their users which would be required in order to decrypt the data stored each time you access it. That wouldn't be a bad idea. I also disagree with your use of that forum post again. I mean, if you look just a couple of years before that you see the church telling every leader to shut down even the use of an email group.
http://bit.ly/1coL1pB
Obviously, different counsel for different times. We live in an age where the new church policy makes it very clear that other websites and software are fine, an age when the twelve apostles have official facebook and google+ accounts, when missionaries can use social media. The more ways to get people to connect in good, safe ways the better. That's the message I take from the recent counsel and guidelines. I appreciate your concerns, but I think this is well within the requirements of the policy.
I am always open to suggestions, specific security concerns, features (current and new) or bugs.