The whole point of the app is to gain access to your VLE
More seriously though, the app interacts with your VLE via Moodle's web service API. Because if this, there should be no additional security risk to your VLE from using the app, over and above having web services enabled.